The cause, according to Microsoft, is not necessarily due to a change in how the company has implemented updates in Windows 11 24H2. Instead, it appears to be a bug in reporting disk space.
Microsoft added the problem to the list of known issues with the Windows 11 24H2 release on October 14, 2024, with the following explanation: “This is a reporting error. When ‘Windows Update Cleanup’ is selected and Disk Cleanup is run for the first time, some or all files in that category (for example, 15 GB) are cleaned up correctly and the related disk space is freed as expected.
“However, after this initial run, the tool may inaccurately report an amount of space still available for cleanup (for example, 88 GB) in the ‘Windows Update Cleanup’ category. This inaccurate amount of disk space is reported even though the space was already freed in the initial run.”
According to Microsoft, the tool inaccurately reports how much disk space could be freed. Microsoft said it is “working on a resolution and will provide more information when it is available.”
How this “reporting error” came to be in the production build is unclear, particularly since complaints about it have been rumbling for a while now in Microsoft’s Feedback Hub. Microsoft eventually responded to our query, but only to say it would “look into this and circle back,” with a link to the Release Health Dashboard.
Impact, an app that describes itself as “AI-powered infrastructure for shaping and managing narratives in the modern world,” is testing a way to organize and activate supporters on social media in order to promote certain political messages. The app aims to summon groups of supporters who will flood social media with AI-written talking points designed to game social media algorithms.
In video demos and an overview document provided to people interested in using a prototype of the app that have been viewed by 404 Media, Impact shows how it can send push notifications to groups of supporters directing them at a specific social media post and provide them with AI-generated text they can copy and paste in order to flood the replies with counter arguments.
One demo video viewed by 404 Media shows one of the people who created the app, Sean Thielen, logged in as “Stop Anti-Semitism,” a fake organization with a Star of David icon (no affiliation to the real organization with the same name), filling out a “New Action Request” form. Thielen decides which users to send the action to and what they want them to do, like “reply to this Tweet with a message of support and encouragement” or “Reply to this post calling out the author for sharing misinformation.” The user can also provide a link to direct supporters to, and provide talking points, like “This post is dishonest and does not reflect actual figures and realities,” “The President’s record on the economy speaks for itself,” and “Inflation has decreased [sic] by XX% in the past six months.” The form also includes an “Additional context” box where the user can type additional detail to help the AI target the right supporters, like “Independent young voters on Twitter.” In this case, the demo shows how Impact could direct a group of supporters to a factual tweet about the International Court of Justice opinion critical of Israel’s occupation of the Palestinian territories and flood the replies with AI-generated responses criticizing the court and Hamas and supporting Israel.
[…]
Becca Lewis, a postdoctoral scholar at the Stanford Department of Communication, said that when discussing bot farms and computational propaganda, researchers often use the term “authenticity” to delineate between a post shared by an average human user, and a post shared by a bot or a post shared by someone who is paid to do so. Impact, she said, appears to use “authentic” to refer to posts that seem like they came from real people or accurately reflects what they think even if they didn’t write the post.
“But when you conflate those two usages, it becomes dubious, because it’s suggesting that these are posts coming from real humans, when, in fact, it’s maybe getting posted by a real human, but it’s not written by a real human,” Lewis told me. “It’s written and generated by an AI system. The lines start to get really blurry, and that’s where I think ethical questions do come to the foreground. I think that it would be wise for anyone looking to work with them to maybe ask for expanded definitions around what they mean by ‘authentic’ here.”
[…]
The “Impact platform” has two sides. There’s an app for “supporters (participants),” and a separate app for “coordinators/campaigners/stakeholders/broadcasters (initiatives),” according to the overview document.
Supporters download the app and provide “onboarding data” which “is used by Impact’s AI to (1) Target and (2) Personalize the action requests” that are sent to them. Supporters connect to initiatives by entering a provided code, and these action requests are sent as push notifications, the document explains.
“Initiatives,” on the other hand, “have access to an advanced, AI-assisted dashboard for managing supporters and actions.”
[…]
“I think astroturfing is a great way of phrasing it, and brigading as well,” Lewis said. “It also shows it’s going to continue to siphon off who has the ability to use these types of tools by who is able to pay for them. The people with the ability to actually generate this seemingly organic content are ironically the people with the most money. So I can see the discourse shifting towards the people with the money to to shift it in a specific direction.”
Apple today reminded developers that the EU trader requirement in the European Union is now being enforced. Developers who distribute apps in the EU will now need to share information that includes address, phone number, and email address on the EU App Store.
Submitting updates for apps on the App Store in the European Union now requires trader information that’s added via App Store Connect, with those details shared on each developer’s App Store page. App updates can no longer be submitted without trader information, and starting on February 17, 2025, apps that do not have a trader status set will be removed from the App Store in the EU until trader status is provided and verified.
The Digital Services Act (DSA) in the European Union requires Apple to verify and display trader contact information for all “traders” who are distributing apps on the App Store in the European Union. Developers who make money from the App Store through either an upfront purchase price or through in-app purchases are considered traders, regardless of size.
If you’ve ever opted to rent a movie through a Redbox kiosk, your private info is out there waiting for any tinkerer to get their hands on it. One programmer who reverse-engineered a kiosk’s hard drive proved the Redbox machines can cough up transaction histories featuring customers’ names, emails, and rentals going back nearly a decade. It may even have part of your credit card number stored on-device.
[…]
a California-based programmer named Foone Turing, managed to grab an unencrypted file from the internal hard drive containing a file that showed the emails, home addresses, and the rental history for either a fraction or the whole of those who previously used the kiosk.
[…]
Turing told Lowpass that the Redbox stored some financial information on those drives, including the first six and last four digits of each credit card used and “some lower-level transaction details.” The devices did apparently connect to a secure payment system through Redbox’s servers, but the systems stored financial information on a log in a different folder than the rental records. She told us that it’s likely the system only stored the last month of transaction logs.
I’m a loud proponent for accessibility in tech, though, sadly, I don’t get to celebrate it often. This week, the U.S. Federal Communications Commission delivered a rare win by mandating that all mobile phones be hearing aid compatible.
The new mandate, announced Thursday, also discouraged phone manufacturers from incorporating proprietary Bluetooth standards on their products as that could potentially complicate the process of connecting to hearing aids. Instead, it established a new Bluetooth pairing requirement that should facilitate a simpler and more universal connectivity between smartphones and hearing aids.
The FCC also required smartphone manufacturers to ensure their devices are meeting the volume control benchmarks, so users can crank up their smartphones’ volume without having their content suffer from distortion. Turning the volume up on a device often reveals its weakness and takes away crispness and detail, so I’m happy there’s finally a check for this measure; this specific requirement will also benefit people without hearing loss.
[…]
According to an FCC fact sheet, the transition period to adapt to the new mandate is 24 months for smartphone manufacturers, 30 months for nationwide service providers, and 42 months for non-nationwide providers. It adds that it will ensure non-compatible devices are no longer selling when the transition period ends.
Microsoft has notified customers that it’s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.
According to a notification sent to affected customers, Microsoft said that “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform” between September 2 and September 19.
The notification said that the logging outage was not caused by a security incident, and “only affected the collection of log events.”
Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights.
[…]
The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, according to the Business Insider report.
[…]
The logging outage comes a year after Microsoft came under fire from federal investigators for withholding security logs from certain U.S. federal government departments that host their emails on the company’s hardened, government-only cloud; investigators said having access to those logs could have identified a series of China-backed intrusions far sooner.
The China-backed intruders, referred to as Storm-0558, broke into Microsoft’s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft’s cloud
[…]
Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.
Fungi are fascinating lifeforms that defy conventional notions of animal intelligence. They don’t have brains, yet display clear signs of decision making and communication. But just how complex are these organisms and what can they tell us about other forms of awareness? To begin investigating these mysteries, researchers at Japan’s Tohoku University and Nagaoka College conducted a straightforward test to observe the decision-making prowess of a cord-forming fungus known as Phanerochaete velutina. According to the team’s study published in Fungal Ecology, their findings indicate fungi can “recognize” different spatial arrangements of wood and adapt accordingly to make the most of their world.
Although many people only recognize fungi by their aboveground mushrooms, those formations are just the outermost display of an often vast network of underground threads called mycelium. These interconnected webs are capable of relaying environmental information throughout an entire system that can stretch for miles. But mycelium’s growth doesn’t necessarily extend in every direction at random—it appears to be a calculated effort.
Fungal mycelial networks connecting wood blocks arranged in circle (left) and cross (right) shapes. Credit: Yu Fukasawa et al.
To demonstrate this ability, researchers set up two 24-cm-wide (9.44-in-wide) square dirt environments and soaked decaying wood blocks for 42 days in a solution containing P. velutina spores. They then placed the blocks in either a circular or cross-shaped arrangement inside the box, and let the fungi go about its business for 116 days. If the P. velutina grew at random, then it would indicate a lack of basal cognition decision-making—but that’s not what happened at all.
At first, the mycelium grew outward around each block for 13 days without connecting to each other. About a month later, however, both arrangements displayed extremely tangled fungi webs stretching between every wood sample. But then, something striking occurred—by day 116, each fungal network had organized itself along much more deliberate, clearly defined pathways. In the circle setting, P. velutina displayed uniform connectivity growing outward, but barely grew into the ring’s interior. Meanwhile, the cross fungi extended much further from its four outermost blocks.
Researchers theorized that, in the circular environment, the mycelial network determined there was little benefit to expend excess energy into a region it already occupied. In the case of the cross scenario, the team thinks that the four exterior post’s growth areas served as “outposts” for foraging missions. Taken together, the two tests strongly suggest networks of brainless organisms communicated between each other through the mycelial networks to grow according to the environmental situations.
“You’d be surprised at just how much fungi are capable of. They have memories, they learn, and they can make decisions,” Yu Fukasawa, a study co-author at Tohoku University, said in the paper’s announcement on October 8th. “Quite frankly, the differences in how they solve problems compared to humans is mind-blowing.”
While much remains to be understood about these often overlooked organisms, researchers believe continued experimentation and analysis may lead to a better understanding of the broader evolutionary history of consciousness, and even chart a path towards advanced bio-based computers.
[…] when OpenAI CEO Sam Altman spoke at the dev day, he touched on potential earning opportunities for developers.
“Revenue sharing is important to us,” Altman said.” We’re going to pay people who build the most useful and the most-used GPTs a portion of our revenue.”
[…]
Books GPT, which churns out personalized book recommendations and was promoted by OpenAI at the Store’s launch, is his most popular.
But 10 months after its launch, it seems that revenue-sharing has been reserved for a tiny number of developers in an invite-only pilot program run by OpenAI. Villocido, despite his efforts, wasn’t included.
According to Villocido and other small developers who spoke with WIRED, OpenAI’s GPT Store has been a mixed bag. These developers say that OpenAI’s analytics tools are lacking and that they have no real sense of how their GPTs are performing. OpenAI has said that GPT creators outside of the US, like Villocido, are not eligible for revenue-sharing.
Those who are able to make money from their GPTs usually devise workarounds, like placing affiliate links or advertising within their GPTs. Other small developers have used the success of their GPTs to market themselves while raising outside funding.
[…]
Copywriter GPT, his GPT that drafts advertising copy, has had between 500,000 and 600,000 interactions. Like Villocido’s Books GPT, Lin’s has been featured on the homepage of OpenAI’s Store.
But Lin can’t say exactly how much traction his GPTs have gotten or how frequently they are used, because OpenAI only provides “rough estimations” to small developers like him. And since he’s in Singapore, he won’t receive any payouts from OpenAI for the usage of his app.
[…]
the creator of the Books GPT that was featured in the Store launch, he found he could no longer justify the $20 per month cost of the ChatGPT subscription required to build and maintain his custom GPTs.
He now collects a modest amount of revenue each month by placing ads in the GPTs he has already created, using a chatbot ad tool called Adzedek. On a good month, he can generate $200 a month in revenue. But he chooses not to funnel that back into ChatGPT.
Police officers in Portland, Oregon, stopped a car Tuesday night when they noticed a bag inside that said “Definitely not a bag full of drugs”. It, in fact, was – full of drugs: 79 blue fentanyl pills, three fake oxycodone tablets and 230g of methamphetamine, to be exact.
It’s scary to think about how many games in your backlog will never get played; scarier, still, to think about how you don’t, in most real senses of the word, own any of them.
Now Valve, seemingly working to comply with a new California law targeting “false advertising” of “digital goods,” has added language to its checkout page to confirm that thinking. “A purchase of a digital product grants a license for the product on Steam,” the Steam cart now tells its customers, with a link to the Steam Subscriber Agreement further below.
Credit: Kevin Purdy
California’s AB2426 law, signed by Gov. Gavin Newsom Sept. 26, excludes subscription-only services, free games, and digital goods that offer “permanent offline download to an external storage source to be used without a connection to the internet.” Otherwise, sellers of digital goods cannot use the terms “buy, purchase,” or related terms that would “confer an unrestricted ownership interest in the digital good.” And they must explain, conspicuously, in plain language, that “the digital good is a license” and link to terms and conditions.
Which is what Valve has now added to its cart page before enforcement of these terms was due to start next year.
Sony has indefinitely decommissioned the PlayStation 4 servers for puzzle platformer LittleBigPlanet 3, the company announced in an update to one of its support pages. The permanent shutdown comes just months after the servers were temporarily taken offline due to ongoing issues. Fans now fear potentially hundreds of thousands of player creations not saved locally Read more about Sony Shuts Down LittleBigPlanet 3 Servers, destroying Fan Creations – don’t trust the cloud[…]
Windows 11 24H2 users are finding there is undeletable data that remains on their devices after installing the recently released feature update.
The known issues list has not grown in the days since the rollout on October 15, however, for many users – this writer included – attempts to clean up the detritus after the update has left 8.63 GB of disk space occupied by “Windows Update Cleanup.”
Having file remnants after a Windows update is not unusual, and, according to Microsoft, “Windows keeps copies of all installed updates from Windows Update, even after installing newer versions of updates.” Space taken up by the old versions can be reclaimed – at least that’s the idea.
The Windows Settings application or the delightfully retro Disk Cleanup tool can be used to clear the temporary files from storage.
However, that 8.63 GB of data appears to persist regardless of how often a user attempts to delete it or restarts Windows 11. A scan of Microsoft’s Feedback Hub confirms numerous users are affected.
the mouse pointer disappeared when they clicked in text fields in certain apps, notably Google Chrome, Microsoft Edge, Slack, and Spotify.
The common theme here? These are pieces of software that leverage Chromium (it’s the web engine that Chrome is actually built on, and Edge too, as well as some of the other best web browsers out there).
[…] Provided you don’t update to the 24H2 version of Windows 11 and remain on version 23H2, you’ll still be able to play SteamVR content through November 2026. After that, WMR headsets will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates, Microsoft said.
While many users of first-gen WMR headsets have likely moved on, the latest addition to the platform, HP Reverb G2, was released in 2020 as a competitor to Oculus Rift S and Valve Index, noted at the time for its impressive display clarity and improved tracking capabilities over other WMR headsets.
This comes amid Microsoft announcing it’s deprecating its other big XR hardware platform, HoloLens 2, which is now discontinued, offering security patches until December 31st, 2027.
A new study is redefining how we understand affective polarization. The study proposes that disappointment, rather than hatred, may be the dominant emotion driving the growing divide between ideological groups.
The findings are published in the journal Cognition and Emotion. The team was led by Ph.D. student Mabelle Kretchner from the Department of Psychology at The Hebrew University of Jerusalem, under the supervision of Prof. Eran Halperin and in collaboration with Prof. Sivan Hirsch-Hoefler from Reichman University and Dr. Julia Elad-Strenger from Bar Ilan University.
Affective polarization, characterized by deepening negative feelings between members of opposing ideological groups, is a major concern to democratic stability worldwide. While numerous studies have examined the causes and potential solutions to this phenomenon, the emotional underpinnings of affective polarization have remained poorly understood.
[…]
“Disappointment is an emotion that encapsulates both positive and negative experiences,” explains Kretchner.
“While hatred is destructive and focuses on viewing the outgroup as fundamentally evil, disappointment reflects a more complex dynamic. It includes unmet expectations and a sense of loss, but also retains a recognition of shared goals and the potential for positive change. This dual nature makes it a more accurate representation of the complexity embedded in ideological intergroup relations.”
Across five studies conducted in the US and Israel, disappointment was the only emotion consistently linked to affective polarization, while other negative emotions did not show the same consistent association. Notably, hatred did not predict affective polarization in any of the studies, even during politically charged periods such as the Capitol riots, the US withdrawal from Afghanistan, and the Supreme Court hearings on Roe v. Wade.
[…]
This finding suggests that interventions aimed at reducing affective polarization might be more effective if they target specific emotions underlying affective polarization like disappointment.
As societies across the globe grapple with rising political tensions, the insights from this study offer a fresh perspective on how to heal divisions
[…]
More information: Eran Halperin et al, The affective gap: a call for a comprehensive examination of the discrete emotions underlying affective polarization, Cognition and Emotion (2024). DOI: 10.1080/02699931.2024.2348028
Per- and polyfluoroalkyl chemicals, known commonly as PFAS, could take over 40 years to flush out of contaminated groundwater in North Carolina’s Cumberland and Bladen counties, according to a new study from North Carolina State University. The study used a novel combination of data on PFAS, groundwater age-dating tracers, and groundwater flux to forecast PFAS concentrations in groundwater discharging to tributaries of the Cape Fear River in North Carolina.
The researchers sampled groundwater in two different watersheds adjacent to the Fayetteville Works fluorochemical plant in Bladen County.
“There’s a huge area of PFAS contaminated groundwater — including residential and agricultural land — which impacts the population in two ways,” says David Genereux, professor of marine, earth and atmospheric sciences at NC State and leader of the study.
“First, there are over 7,000 private wells whose users are directly affected by the contamination. Second, groundwater carrying PFAS discharges into tributaries of the Cape Fear River, which affects downstream users of river water in and near Wilmington.”
The researchers tested the samples they took to determine PFAS types and levels, then used groundwater age-dating tracers, coupled with atmospheric contamination data from the N.C. Department of Environmental Quality and the rate of groundwater flow, to create a model that estimated both past and future PFAS concentrations in the groundwater discharging to tributary streams.
They detected PFAS in groundwater up to 43 years old, and concentrations of the two most commonly found PFAS — hexafluoropropylene oxide-dimer acid (HFPO−DA) and perfluoro-2-methoxypropanoic acid (PMPA) — averaged 229 and 498 nanograms per liter (ng/L), respectively. For comparison, the maximum contaminant level (MCL) issued by the U.S. Environmental Protection Agency for HFPO-DA in public drinking water is 10 ng/L. MCLs are enforceable drinking water standards.
“These results suggest it could take decades for natural groundwater flow to flush out groundwater PFAS still present from the ‘high emission years,’ roughly the period between 1980 and 2019,” Genereux says. “And this could be an underestimate; the time scale could be longer if PFAS is diffusing into and out of low-permeability zones (clay layers and lenses) below the water table.”
The researchers point out that although air emissions of PFAS are substantially lower now than they were prior to 2019, they are not zero, so some atmospheric deposition of PFAS seems likely to continue to feed into the groundwater.
“Even a best-case scenario — without further atmospheric deposition — would mean that PFAS emitted in past decades will slowly flush from groundwater to surface water for about 40 more years,” Genereux says. “We expect groundwater PFAS contamination to be a multi-decade problem, and our work puts some specific numbers behind that. We plan to build on this work by modeling future PFAS at individual drinking water wells and working with toxicologists to relate past PFAS levels at wells to observable health outcomes.”
Craig R. Jensen, David P. Genereux, D. Kip Solomon, Detlef R. U. Knappe, Troy E. Gilmore. Forecasting and Hindcasting PFAS Concentrations in Groundwater Discharging to Streams near a PFAS Production Facility. Environmental Science & Technology, 2024; 58 (40): 17926 DOI: 10.1021/acs.est.4c06697
The personal care products we use on a daily basis significantly affect indoor air quality, according to new research by a team at EPFL. When used indoors, these products release a cocktail of more than 200 volatile organic compounds (VOCs) into the air, and when those VOCs come into contact with ozone, the chemical reactions that follow can produce new compounds and particles that may penetrate deep into our lungs. Scientists don’t yet know how inhaling these particles on a daily basis affects our respiratory health.
The EPFL team’s findings have been published in Environmental Science & Technology Letters.
[…]
In one test, the researchers applied the products under typical conditions, while the air quality was carefully monitored. In another test, they did the same thing but also injected ozone, a reactive outdoor gas that occurs in European latitudes during the summer months.
[…]
However, when ozone was introduced into the chamber, not only new VOCs but also new particles were generated, particularly from perfume and sprays, exceeding concentrations found in heavily polluted urban areas such as downtown Zurich.
“Some molecules ‘nucleate’—in other words, they form new particles that can coagulate into larger ultrafine particles that can effectively deposit into our lungs,” explains Licina. “In my opinion, we still don’t fully understand the health effects of these pollutants, but they may be more harmful than we think, especially because they are applied close to our breathing zone. This is an area where new toxicological studies are needed.”
Preventive measures
To limit the effect of personal care products on indoor air quality, we could consider several alternatives for how buildings are engineered: introducing more ventilation—especially during the products’ use—incorporating air-cleaning devices (e.g., activated carbon-based filters combined with media filters), and limiting the concentration of indoor ozone.
Another preventive measure is also recommended, according to Licina: “I know this is difficult to hear, but we’re going to have to reduce our reliance on these products, or if possible, replace them with more natural alternatives that contain fragrant compounds with low chemical reactivity. Another helpful measure would be to raise awareness of these issues among medical professionals and staff working with vulnerable groups, such as children and the elderly.”
More information: Tianren Wu et al, Indoor Emission, Oxidation, and New Particle Formation of Personal Care Product Related Volatile Organic Compounds, Environmental Science & Technology Letters (2024). DOI: 10.1021/acs.estlett.4c00353
Microsoft’s Outlook app is crashing for European users due to memory problems, Redmond has warned, and evidence suggests the problems are spreading to the US.
“We’re investigating an issue in which users in Europe may be experiencing crashing, not receiving emails or observing high memory usage when using the Outlook client,” Redmond warned.
“We’re analyzing data from customers experiencing crashes and high memory usage when using the New Outlook desktop app. We’re reviewing service telemetry and reproducing the issue internally to develop a mitigation plan.”
So far, there is no word on Microsoft’s plan, but social media reports suggest the US East Coast at least is suffering similar problems. Downdetector indicates the issue appears to be spreading.
“It’s been spreading across the country like the common cold now, and I can’t seem to figure out what is causing it,” reported one user. “There have been no changes to the environment and no updates to the Windows desktops that are having this issue.”
Microsoft’s engineers are working on the issue and trying to find out what the problem is. It’s not a good look for a software giant’s main email system.
The US government’s General Services Administration’s (GSA) facial matching login service is now generally available to the public and other federal agencies, despite its own recent report admitting the tech is far from perfect.
The GSA announced general availability of remote identity verification (RiDV) technology through login.gov, and the service’s availability to other federal government agencies yesterday. According to the agency, the technology behind the offering is “a new independently certified” solution that complies with the National Institute of Standards and Technology’s (NIST) 800-63 identity assurance level 2 (IAL2) standard.
IAL2 identity verification involves using either remote or in-person verification of a person’s identity via biometric data along with some physical element, like an ID photograph, access to a cellphone number, for example.
“This new IAL2-compliant offering adds proven one-to-one facial matching technology that allows Login.gov to confirm that a live selfie taken by a user matches the photo on a photo ID, such as a driver’s license, provided by the user,” the GSA said.
The Administration noted that the system doesn’t use “one-to-many” face matching technology to compare users to others in its database, and doesn’t use the images for any purpose other than verifying a user’s identity.
[…]
In a report issued by the GSA’s Office of the Inspector General in early 2023, the Administration was called out for saying it implemented IAL2-level identity verification as early as 2018, but never actually supporting the requirements to meet the standard.
“GSA knowingly billed customer agencies over $10 million for services, including alleged IAL2 services that did not meet IAL2 standards,” the report claimed.
[…]
Fast forward to October of last year, and the GSA said it was embracing facial recognition tech on login.gov with plans to test it this year – a process it began in April. Since then, however, the GSA has published pre-press findings of a study it conducted of five RiDV technologies, finding that they’re still largely unreliable.
The study anonymized the results of the five products, making it unclear which were included in the final pool or how any particular one performed. Generally, however, the report found that the best-performing product still failed 10 percent of the time, and the worst had a false negative rate of 50 percent, meaning its ability to properly match a selfie to a government ID was no better than chance.
Higher rejection rates for people with darker skin tones were also noted in one product, while another was more accurate for people of AAPI descent, but less accurate for everyone else – hardly the equitability the GSA said it wanted in an RiDV product last year.
[…]
It’s unclear what solution has been deployed for use on login.gov. The only firm we can confirm has been involved though the process is LexisNexis, which previously acknowledged to The Register that it has worked with the GSA on login.gov for some time.
That said, LexisNexis’ CEO for government risk solutions told us recently that he’s not convinced the GSA’s focus on adopting IAL2 RiDV solutions at the expense of other biometric verification methods is the best approach.
“Any time you rely on a single tool, especially in the modern era of generative AI and deep fakes … you are going to have this problem,” Haywood “Woody” Talcove told us during a phone interview last month. “I don’t think NIST has gone far enough with this workflow.”
Talcove told us that facial recognition is “pretty easy to game,” and said he wants a multi-layered approach – one that it looks like GSA has declined to pursue given how quickly it’s rolling out a solution.
“What this study shows is that there’s a level of risk being injected into government agencies completely relying on one tool,” Talcove said. “We’ve gotta go further.”
Along with asking the GSA for more details about its chosen RiDV solution, we also asked for some data about its performance. We didn’t get an answer to that question, either.
Walled Culture has been writing about Italy’s Piracy Shield system for a year now. It was clear from early on that its approach of blocking Internet addresses (IP addresses) to fight alleged copyright infringement – particularly the streaming of football matches – was flawed, and risked turning into another fiasco like France’s failed Hadopi law. The central issue with Piracy Shield is summed up in a recent post on the Disruptive Competition Blog:
The problem is that Italy’s Piracy Shield enables the blocking of content at the IP address and DNS level, which is particularly problematic in this time of shared IP addresses. It would be similar to arguing that if in a big shopping mall, in which dozens of shops share the same address, one shop owner is found to sell bootleg vinyl records with pirated music, the entire mall needs to be closed and all shops are forced to go out of business.
As that post points out, Italy’s IP blocking suffers from several underlying problems. One is overblocking, which has already happened, as Walled Culture noted back in March. Another issue is lack of transparency:
The Piracy Shield that has been implemented in Italy is fully automated, which prevents any transparency on the notified IP addresses and lacks checks and balances performed by third parties, who could verify whether the notified IP addresses are exclusively dedicated to piracy (and should be blocked) or not.
Piracy Shield isn’t working, and causes serious collateral damage, but instead of recognising this, its supporters have doubled down, and have just convinced the Italian parliament to pass amendments making it even worse, reported here by TorrentFreak:
VPN and DNS services anywhere on planet earth will be required to join Piracy Shield and start blocking pirate sites, most likely at their own expense, just like Italian ISPs are required to do already.
…
Moving forward, if pirate sites share an IP address with entirely innocent sites, and the innocent sites are outnumbered, ISPs, VPNs and DNS services will be legally required to block them all.
A new offence has been created that is aimed at service providers, including network access providers, who fail to report promptly illegal conduct by their users to the judicial authorities in Italy or the police there. Maximum punishment is not just a fine, but imprisonment for up to one year. Just why this is absurd is made clear by this LinkedIn comment by Diego Ciulli, Head of Government Affairs and Public Policy, Google Italy (translation by DeepL):
Under the label of ‘combating piracy’, the Senate yesterday approved a regulation obliging digital platforms to notify the judicial authorities of all copyright infringements – present, past and future – of which they become aware. Do you know how many there are in Google’s case? Currently, 9,756,931,770.
In short, the Senate is asking us to flood the judiciary with almost 10 billion URLs – and foresees jail time if we miss a single notification.
If the rule is not corrected, the risk is to do the opposite of the spirit of the law: flooding the judiciary, and taking resources away from the fight against piracy.
The new law will make running an Internet access service so risky that many will probably just give up, reducing consumer choice. Freedom of speech will be curtailed, online security weakened, and Italy’s digital infrastructure will be degraded. The end result of this law will be an overall impoverishment of Italian Internet users, Italian business, and the Italian economy. And all because of one industry’s obsession with policing copyright at all costs
Orbital mechanics is a fun subject, as it involves a lot of seemingly empty space that’s nevertheless full of very real forces, all of which must be taken into account lest one’s spacecraft ends up performing a sudden lithobraking maneuver into a planet or other significant collection of matter in said mostly empty space. The primary concern here is that of gravitational pull, and the way it affects one’s trajectory and velocity. With a single planet providing said gravitational pull this is quite straightforward to determine, but add in another body (like the Moon) and things get trickier. Add another big planetary body (or a star like our Sun), and you suddenly got yourself the restricted three-body problem, which has vexed mathematicians and others for centuries.
The three-body problem concerns the initial positions and velocities of three point masses. As they orbit each other and one tries to calculate their trajectories using Newton’s laws of motion and law of universal gravitation (or their later equivalents), the finding is that of a chaotic system, without a closed-form solution. In the context of orbital mechanics involving the Earth, Moon and Sun this is rather annoying, but in 1772 Joseph-Louis Lagrange found a family of solutions in which the three masses form an equilateral triangle at each instant. Together with earlier work by Leonhard Euler led to the discovery of what today are known as Lagrangian (or Lagrange) points.
Having a few spots in an N-body configuration where you can be reasonably certain that your spacecraft won’t suddenly bugger off into weird directions that necessitate position corrections using wasteful thruster activations is definitely a plus. This is why especially space-based observatories such as the James Webb Space Telescope love to hang around in these spots.
Stable and Unstable Stable
Although the definition of Lagrange points often makes it sound like you can put a spacecraft in that location and it’ll remain there forever, it’s essential to remember that ‘stationary’ only makes sense in particular observer’s reference frame. The Moon orbits the Earth, which orbits the Sun, which ultimately orbits the center of the Milky Way, which moves relative to other galaxies. Or it’s just the expansion of space-time which make it appear that the Milky Way moves, but that gets one quickly into the fun corners of theoretical physics.
A contour plot of the effective potential defined by gravitational and centripetal forces. (Credit: NASA)
Within the Earth-Sun system, there are five Lagrange points (L1 – L5), of which L2 is currently the home of the James Webb Space Telescope (JWST) and was the home to previous observatories (like the NASA WMAP spacecraft) that benefit from always being in the shadow of the Earth. Similarly, L1 is ideal for any Sun observatory, as like L2 it is located within easy communication distance
Perhaps shockingly, the L3 point is not very useful to put any observatories or other spacecraft, as the Sun would always block communication with Earth. What L3 has in common with L1 and L2 is that all of these are unstable Lagrange points, requiring course and attitude adjustments approximately every 23 days. This contrasts with L4 and L5, which are the two ‘stable’ points. This can be observed in the above contour plot, where L4 and L5 are on top of ‘hills’ and L1 through L3 are on ‘saddles’ where the potential curves up in one direction and down another.
One way to look at it is that satellites placed in the unstable points have a tendency to ‘wander off’, as they don’t have such a wide region of relatively little variance (contour lines placed far from each other) as L4 and L5 do. While this makes these stable points look amazing, they are not as close to Earth as L1 and L2, and they have a minor complication in the fact that they are already occupied, much like the Earth-Moon L4 and L5 points.
Because of how stable the L4 and L5 points are, the Earth-Moon system ones have found themselves home to the Kordylewski clouds. These are effectively concentrations of dust which were first photographed by Polish astronomer Kazimierz Kordylewski in 1961 and confirmed multiple times since. Although a very faint phenomenon, there are numerous examples of objects caught at these points in e.g. the Sun-Neptune system (Neptune trojans) and the Sun-Mars system (Mars trojans). Even our Earth has picked up a couple over the years, many of them asteroids. Of note that is the Earth’s Moon is not in either of these Lagrange points, having become gravitationally bound as a satellite.
All of which is a long way to say that it’s okay to put spacecraft in L4 and L5 points as long as you don’t mind fragile technology sharing the same region of space as some very large rocks, with an occasional new rocky friend getting drawn into the Lagrange point.
Stuff in Lagrange Points
A quick look at the Wikipedia list of objects at Lagrange points provides a long list past and current natural and artificial objects at these locations, across a variety of system. Sticking to just the things that we humans have built and sent into the Final Frontier, we can see that only the Sun-Earth and Earth-Moon systems have so far seen their Lagrange points collect more than space rocks and dust.
These will be joined if things go well by IMAP in 2025 along with SWFO-L1, NEO Surveyor in 2027. These spacecraft mostly image the Sun, monitor solar wind, image the Earth and its weather patterns, for which this L1 point is rather excellent. Of note here is that strictly taken most of these do not simply linger at the L1 point, but rather follow a Lissajous orbit around said Lagrange point. This particular orbital trajectory was designed to compensate for the instability of the L1-3 points and minimize the need for course corrections.
Moving on, the Sun-Earth L2 point is also rather busy:
Many of the planned spacecraft that should be joining the L2 point are also observatories for a wide range of missions, ranging from general observations in a wide range of spectra to exoplanet and comet hunting.
Despite the distance and hazards of the Sun-Earth L4 and L5 points, these host the Solar TErrestrial RElations Observatory (STEREO) A and B solar observation spacecraft. The OSIRIS-REx and Hayabusa 2 spacecraft have passed through or near one of these points during their missions. The only spacecraft planned to be positioned at one of these points is ESA’s Vigil, which is scheduled to launch by 2031 and will be at L5.
Contour plot of the Earth-Moon Lagrange points. (Credit: NASA)
Only the Moon’s L2 point currently has a number of spacecraft crowding about, with NASA’s THEMIS satellites going through their extended mission observations, alongside the Chinese relay satellite Queqiao-2 which supported the Chang’e 6 sample retrieval mission.
In terms of upcoming spacecraft to join the sparse Moon Lagrange crowd, the Exploration Gateway Platform was a Boeing-proposed lunar space station, but it was discarded in favor of the Lunar Gateway which will be placed in a polar near-rectilinear halo orbit (NRHO) with an orbital period of about 7 days. This means that this space station will cover more of the Moon’s orbit rather than remain stationary. It is intended to be launched in 2027, as part of the NASA Artemis program.
Orbital Mechanics Fun
The best part of orbits is that you have so many to pick from, allowing you to not only pick the ideal spot to idle at if that’s the mission profile, but also to transition between them such as when traveling from the Earth to the Moon with e.g. a trans-lunar injection (TLI) maneuver. This involves a low Earth orbit (LEO) which transitions into a powered, high eccentric orbit which approaches the Moon’s gravitational sphere of influence.
Within this and low-energy transfer alternatives the restricted three-body problem continuously applies, meaning that the calculations for such a transfer have to account for as many variables as possible, while in the knowledge that there is no perfect solution. With our current knowledge level we can only bask in the predictable peace and quiet that are the Lagrange points, if moving away from all those nasty gravity wells like the Voyager spacecraft did is not an option.
U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers’ personal information and transaction data during a cyberattack last month.
The company said in a statement Monday that an unauthorized third party “accessed and acquired” customer data during the cyberattack on September 20. The cyberattack — the nature of which remains unknown — sparked a week-long outage that resulted in the company’s website and app falling offline.
MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.
In its statement Monday, MoneyGram said its investigation is in its “early stages” and is working to determine which consumers were affected by this issue. The company did not say how many customers might be affected. When reached, MoneyGram spokesperson Sydney Schoolfield did not comment beyond the company’s statement.
The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a “limited number” of Social Security numbers and government identification documents, such as driver’s licenses and other documents that contain personal information, like utility bills and bank account numbers. MoneyGram said the types of stolen data will vary by individual.
MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, “for a limited number of consumers, criminal investigation information (such as fraud).”
The Department of Justice has laid out its broad-strokes plan for ending Google’s monopoly over internet search after winning its antitrust case against the company in August. The sweeping changes could end Google’s position as the default search engine on billions of devices and require the company to share key information about its search algorithms with competitors.
The regulators’ proposals, laid out Tuesday in a filing with the D.C. federal court where the antitrust case was heard, are aimed not only at rectifying Google’s past anti-competitive practices but also at preventing it from unfairly dominating emerging technologies, particularly internet searches enabled by generative AI tools.
[…]
The first step necessary to unwind Google’s illegal monopoly, according to the DOJ, will likely be to “limit or end” the company’s use of contracts and unfair revenue-sharing agreements that have enshrined Google as the pre-installed search engine on all Android devices and the Chrome browser. It could potentially also include forcing Google’s parent company, Alphabet, to split off the Android and Chrome divisions of its business.
Google’s search tools are powered by the huge amount of data its web crawlers have indexed and the ranking algorithms that prioritize which results users see first. To level the playing field for competitors, the DOJ said it might try to make the company share the indexes, search results, underlying ranking signals, and models used for Google search, including AI-powered search.
“Google’s ability to leverage its monopoly power to feed artificial intelligence features is an emerging barrier to competition and risks further entrenching Google’s dominance,” the DOJ wrote, adding that potential remedies could include prohibiting the company from signing contracts with web publishers that deny rival search engines access to their sites and forcing Google to allow publishers to opt out of having their content scraped and used to generate AI summaries at the top of search results.
The final category of remedies the DOJ proposed would aim to spread the wealth generated by advertisements attached to internet searches by making it easier for smaller competitors to enter markets without being crushed by Google’s economy of scale and by requiring Google to be more transparent with advertisers in its ad auctions.
It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US.
What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement …
[…]
Apple famously refused the FBI’s request to create a backdoor into iPhones to help access devices used by shooters in San Bernardino and Pensacola. The FBI was subsequently successful in accessing all the iPhones concerned without the assistance it sought.
[…]
You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they’re not – and if they’re not then it’s a question of when, rather than if, others are able to exploit the vulnerability.
This latest case perfectly illustrates the point. The law required ISPs to create backdoors that could be used for wiretaps by US law enforcement, and hackers have now found and accessed them.
And of course the arguments against backdoors predate this statement by decades. The hangup on Apple in the article is because it’s an Apple fanboy outlet.
[…] A pro-Palestenian hacktivist group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. “They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel,’” the group said on X when someone asked them why they’d gone after the Archive.
The group elaborated on its reasoning in a now-deleted post on X. Jason Scott, an archivist at the Archive, screenshotted it and shared it. “Everyone calls this organization ‘non-profit’, but if its roots are truly in the United States, as we believe, then every ‘free’ service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders. Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts,” the post said.
SN_BLACKMETA also claimed responsibility for a six-day DDoS attack on the Archive back in May. “Since the attacks began on Sunday, the DDoS intrusion has been launching tens of thousands of fake information requests per second. The source of the attack is unknown,” Chris Freeland, Director of Library Services at the Archive said in a post about the attacks back in May.
SN_BLACKMETA launched its Telegram channel on November 23 and has claimed responsibility for a number of other attacks including a six-day DDoS run at Arab financial institutions and various attacks on Israeli tech companies in the spring.
It’s been a hard year for the Internet Archive. In July, the site went down due to “environmental factors” during a major heat wave in the U.S. Last month it lost an appeal in the lawsuit Hachette and other major publishers launched against it.
“If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind,” Kahle said in a post about the DDoS attack in May. “I think they are trying to destroy this library entirely and hobble all libraries everywhere. But just as we’re resisting the DDoS attack, we appreciate all the support in pushing back on this unjust litigation against our library and others.”
Well done SN_BLACKMETA – you have just played into Israels hands. People who were on the fence about Palestine in the West well definitely now lean towards Israel and away from Palestine 🙁
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
JavaScript alert shown on Archive.org Source: BleepingComputer
The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen.
[…]
Update 10/10/24: Internet Archive founder Brewster Kahle shared an update on X last night, confirming the data breach and stating that the threat actor used a JavaScript library to show the alerts to visitors.
“What we know: DDOS attacked-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords,” reads a first status update tweeted last night.
Scientists from Duke-NUS Medical School and the University of California, Santa Cruz, have discovered the secret to regulating our internal clock. They identified that this regulator sits right at the tail end of Casein Kinase 1 delta (CK1δ), a protein which acts as a pace setter for our internal biological clock or the natural 24-hour cycles that control sleep-wake patterns and other daily functions, known as circadian rhythm.
Published in the journal PNAS, their findings could pave the way for new approaches to treating disorders related to our body clock.
CK1δ regulates circadian rhythms by tagging other proteins involved in our biological clock to fine-tune the timing of these rhythms. In addition to modifying other proteins, CK1δ itself can be tagged, thereby altering its own ability to regulate the proteins involved in running the body’s internal clock.
[…]
“Our findings pinpoint to three specific sites on CK1δ’s tail where phosphate groups can attach, and these sites are crucial for controlling the protein’s activity. When these spots get tagged with a phosphate group, CK1δ becomes less active, which means it doesn’t influence our circadian rhythms as effectively. Using high-resolution analysis, we were able to pinpoint the exact sites involved — and that’s really exciting.”
[…]
We found that the δ1 tail interacts more extensively with the main part of the protein, leading to greater self-inhibition compared to δ2. This means that δ1 is more tightly regulated by its tail than δ2. When these sites are mutated or removed, δ1 becomes more active, which leads to changes in circadian rhythms. In contrast, δ2 does not have the same regulatory effect from its tail region.”
This discovery highlights how a small part of CK1δ can greatly influence its overall activity. This self-regulation is vital for keeping CK1δ activity balanced, which, in turn, helps regulate our circadian rhythms.
The study also addressed the wider implications of these findings. CK1δ plays a role in several important processes beyond circadian rhythms, including cell division, cancer development, and certain neurodegenerative diseases. By better understanding how CK1δ’s activity is regulated, scientists could open new avenues for treating not just circadian rhythm disorders but also a range of conditions.
[…]
“Regulating our internal clock goes beyond curing jet lag — it’s about improving sleep-quality, metabolism and overall health. This important discovery could potentially open new doors for treatments that could transform how we manage these essential aspects of our daily lives.”
The researchers plan to further investigate how real-world factors, such as diet and environmental changes, affect the tagging sites on CK1δ.
Rachel L. Harold, Nikhil K. Tulsian, Rajesh Narasimamurthy, Noelle Yaitanes, Maria G. Ayala Hernandez, Hsiau-Wei Lee, Priya Crosby, Sarvind M. Tripathi, David M. Virshup, Carrie L. Partch. Isoform-specific C-terminal phosphorylation drives autoinhibition of Casein kinase 1. Proceedings of the National Academy of Sciences, 2024; 121 (41) DOI: 10.1073/pnas.2415567121
Martin Shkreli has been fighting a $64.6 million fine he acquired in 2022 for blocking affordable alternatives to Daraprim, a lifesaving antiparasitic drug. Shockingly, it turns out nobody on the Supreme Court cares to hear about it.
No justices dissented on Monday when the court said it declined to hear an appeal by representatives of the former pharmaceutical executive. In a last-ditch effort, Shkreli’s lawyers asked the Supreme Court to resolve conflicting rulings after the 2nd U.S. Circuit Court of Appeals upheld the $64.6 million order and a lifetime ban to block Shkreli from working in the drug business. Only, the conflicting rulings didn’t even exist, New York Attorney General Letitia James argued in an August brief. The Supreme Court had nothing to add when it snubbed Shkreli.
The so-called “pharma bro” rose to infamy as the chief of Turing Pharmaceuticals — later called Vyera. In 2015, the startup bought exclusive rights to Daraprim and jacked up its price from $13.50 to $750 a pill. At the time, there were no generic alternatives to the toxoplasmosis medication, which is used to treat a rare condition that affects pregnant people, babies, and people with HIV and cancer.
