Comment Re:State Actor? (Score 4, Interesting) 76

Starting to look like a DNSSec key rotation failure, but that could also be connected to attempts to further fsck with the privacy and security of DNS within Russia as well. (I'm assuming most internal servers are already backdoored to quite some degree):

https://dnsviz.net/d/ru/ZbjruA/dnssec/
https://dnsviz.net/d/ru/ZbkVXw/dnssec/

Comment Re:Complex Explanation (Score 2) 60

My first thought on this was that they're possibly structures that form the Cosmic Web, albeit perhaps larger than anything found so far, or possibly predicted by current models, hence the fuss.

Turns out, they actually do fit within the scales of that theory, and indeed are far from the only, or even the largest such structures found. That honour (currently) goes to the Hercules–Corona Borealis Great Wall, which is around 10 billion light years in length - over three times the size of these. There are some questions over the accuracy of this, however, but these are still not the largest known structures identified to date. The early reporting of this was several days ago, as you might expect for a Slashdot post, and I've yet to see much mention of the Cosmic Web in the reporting, even in an interview with the discoverer of these two structures, despite the fact that it does allow for - and numerous examples have been found of - structures on this kind of scale.

So, we have an existing theory, that is quite widely accepted in cosmological circles, that allows for structures of this scale, multiple examples of such structures have been identified, including much larger than the two examples given, and it's not even being discussed if only to rule it out. Other than the local angle (first I was aware of this was on local news of all places, because UCLan is just up the road), perhaps someone more schooled in cosmology could clarify; is this just sloppy reporting for the masses, or are we genuinely looking at something else here?

Comment Re:Paywalled article? Really? (Score 3, Interesting) 36

Absolutely. That's the problem I have with all these "security scanners"; they make it almost impossible to see the initial essentially harmless recon before the real attack comes, thereby making firewall logs almost useless as a tool for detecting genuine attacks, and for what? What does it matter whether there are 100 or 100,000,000 servers susceptible to a given zero-day exploit or whatever they're scanning for; it's a useless data point that CxOs that should know better are apparently willing to pay a lot of money for if it's presented in a nice glossy report. Those servers will either be patched before they're exploited or they won't, and if they're not, then they'll be used to steal data, launch attacks/spam, or mine crypto. Big whoop! That doesn't help you secure your own networks, it doesn't tell you whether you are vulnerable or not, and $deity help you if you're relying on a third party to tell you if you're vulnerable, let alone need to do anything about it. Security, of any kind, is NOT a field where you can afford to be reactive except when you absolutely have to be, e.g. for zero day exploits, and you should already have mitigations in place for that scenario anyway.

You know what does give you a heads up though? A honeypot. I've been deploying one of these on a dedicated port on almost every firewall I've deployed for many years now. Set one up as an apparent soft target, on a Raspberry Pi or any other dedicated bit of hardware you can quickly isolate if needed, and it'll absolutely tell you when the real attacks inevitably happen. A little shell scripting, and you can pump those IPs or subnets straight into an IPset or whatever on your firewalls and other security appliances within seconds of the first serious probes and hopefully cut them off before anything that actually matters gets hit. If, as you suggest, you can supplement that IPset with some judicious broadbrush white/blacklisting as well, then so much the better.

Comment Re:Paywalled article? Really? (Score 1) 36

Also an epic fail is claiming a ping, scan of a specific TCP/UDP port, or whatever, is a "cyber attack", which is the only way you're going to get to 45 billion "cyberattacks" in a day, even for a company the size of JP Morgan. If my own logs are anything to go by, most[*] of these will actually be security/vulnerability scanners like Shodan, ShadowServer, and the like anyway. Some of those are *incredibly* persistent as well; often several probes a day per IP:port.

When you connect to the Internet, the Internet connects to *you*; it might not be pretty, but you just have to deal with it or GTFO. Of course, JP Morgan won't do that and will no doubt claim *trillions* of cyberattacks a day if enough clueless script kiddies with a fat pipe and zmap decide to try and scan their IPv6 ranges.

[*] Just for grins, I did programmatically work through a few weeks of firewall logs from a public facing IPv4 subnet some time ago. Just from RDNS and Whois, I was able to tie ~60% of the connection requests and pings dropped by the firewall to those so-called security scanners. A lot of those looked to be somewhat sketchy, and some very much so, but they did at least put on that veneer of being "legit". The rest was a long tail of anonymised Whois, missing or generic RDNS, and compromised machines on obvious eyeball networks. Good luck identifying the genuine threats hidden in all that clutter, although having a honey pot does help somewhat.
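The log triage in the footnote and the honeypot-to-IPset idea from the previous comment, as an added example that is not the commenter's own script: it parses constructed iptables-style DROP lines, buckets each source by a constructed reverse-DNS table (standing in for real PTR lookups), and emits `ipset add` commands for sources that repeatedly hit an assumed honeypot port. All addresses, names, the port and the threshold are assumptions.

```python
# Constructed example: triage dropped-connection log lines, then block repeat honeypot probes.
import re
from collections import Counter

# Constructed iptables-style DROP lines (syslog prefix trimmed); not real traffic.
LOG_LINES = """\
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=43122 DPT=22
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=43123 DPT=2222
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=43124 DPT=2222
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=43125 DPT=2222
IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443
IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=51001 DPT=8443
IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 PROTO=TCP SPT=6000 DPT=2222
""".splitlines()

# Constructed reverse-DNS answers standing in for real PTR lookups.
RDNS = {
    "198.51.100.7": None,                        # no PTR at all
    "192.0.2.55": "probe-12.scanner.example",    # self-identifying scanner
    "192.0.2.99": "cpe-99.isp-eyeball.example",  # looks like a home connection
}
# Constructed rDNS suffixes of scanners that at least put on a "legit" veneer.
SCANNER_SUFFIXES = (".scanner.example",)

HONEYPOT_PORT = 2222   # assumed port the honeypot listens on
THRESHOLD = 3          # probes to the honeypot before the source is blocked

LINE_RE = re.compile(r"SRC=(?P<src>\S+).*?PROTO=(?P<proto>\S+)(?:.*?DPT=(?P<dpt>\d+))?")

def parse(lines):
    """Yield (src, proto, dport) tuples; dport is None for ICMP."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            dpt = m.group("dpt")
            yield m.group("src"), m.group("proto"), int(dpt) if dpt else None

def classify(src):
    """Bucket a source by its rDNS, mirroring the rough triage in the comment."""
    name = RDNS.get(src)
    if name is None:
        return "no-rdns"
    if name.endswith(SCANNER_SUFFIXES):
        return "known-scanner"
    return "other"

def triage(lines):
    """Return ({src: class}, Counter of honeypot-port probes per src)."""
    classes = {}
    honeypot_hits = Counter()
    for src, proto, dpt in parse(lines):
        classes.setdefault(src, classify(src))
        if dpt == HONEYPOT_PORT:
            honeypot_hits[src] += 1
    return classes, honeypot_hits

def ipset_commands(lines, setname="honeypot_block"):
    """Sources at or over THRESHOLD on the honeypot port become `ipset add` lines."""
    _, hits = triage(lines)
    return [f"ipset add {setname} {src}" for src, n in sorted(hits.items()) if n >= THRESHOLD]
```

Feeding `ipset_commands(LOG_LINES)` to a shell would populate the set the firewall rule matches on; the scanner source is classified but not blocked because it never touched the honeypot port.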

Comment Re:Ubisoft should get comfortable... (Score 4, Insightful) 150

Not a problem, Ubisoft! I'm already entirely comfortable with not owning any of your games. I'm also even more comfortable with not renting them either, so it looks like we both get what we want, right?

Seriously, name me one, just *one*, digital media rental/subscription service (any media) that hasn't fucked over its customers financially in some way, arbitrarily pulled content, failed to provide the promised feature updates that the revenue of a subscription service is supposed to provide, decided to further pad their wallets by adding ads to a supposedly "fully paid-for" service (and that includes gratuitous product placement, you asshats), sold your personal data to AdTech, outright shut-up shop and effectively done a rug-pull, or otherwise moved the goalposts to their exclusive benefit. I'll give you that some services are actually OK for *some* of those things (at least so far, see "goalposts"), and I don't hold it against them for wanting to make a profit either, but they either provide a reasonable quid pro quo, including at least partial credits for any withdrawn content, or we should all be going elsewhere.

For gaming, "elsewhere" currently seems to be a fairly small, and steadily evaporating pool of commercial service providers (I personally think GOG is on the right side of the line still), community driven projects to remake classic games in some way, total conversions, and various open source projects. And sites like The Pirate Bay, of course, which also usually means the download is free of DRM and runs better, especially if Denuvo is involved. If you take the time to look, there's plenty to be going on with and a lot of enjoyment to be had there, as long as you're not one of those who has to have the latest and greatest AAA franchise title, no matter how much it's really just more of the same only with flashier graphics and a bit more depth. Sadly, it appears that there are still enough suckers with more money than sense that Ubisoft are going to keep reducing the amount of lube they're using to screw their customers over with for quite some time yet.

Comment Re:Any day now ... (Score 4, Interesting) 45

Sure, but usage cases are key. It probably is just a matter of time, but quantum computers are starting to get the same vibe as fusion power or room temperature superconductors, although perhaps not quite to the same extent yet; they've all been "within the next X years" for many multiples of "X". The FUD, shilling, and outright crackpottery is definitely starting to get the same vibe too.

Still, sooner or later (and very probably "later"), we probably will get quantum computers capable of reversing today's encryption at least to some kind of meaningful extent. For a lot of encrypted data in existence today, that won't matter in the slightest, but there are definitely usage cases where you would not want today's data decrypted within the potential timescales of that happening, and that's where the push to move to a "post-quantum world" now is mostly focussed; data with national security implications, mostly. Of course, the waters are somewhat muddied by no one really knowing when the post-quantum world will begin, or even what it might look like for that matter, so that provides a lot of the opportunities for selling snake oil we're now clearly seeing.

There are a few encryption algorithms that - so far at least - seem like they are not susceptible to breaking with Shor's Algorithm or similar quantum approaches but, AFAIK, no one is able to mathematically prove any of them beyond all doubt, so caveat emptor definitely applies. Most current implementations of AES are not in this group, but given a suitably large key size it is thought (see above re. mathematical proof) that you'd need more qubits than is likely to be practical for some time to break it. There is one algorithm that is definitely quantum-safe though; OTPs using datasets of arbitrary length. Encryption schemes that XOR against pre-sampled whitenoise have been around for decades, well before quantum computers became a realistic proposition, but only in niche applications where the logistical overhead of managing and securing the OTP data makes it worthwhile.
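The OTP scheme the comment describes, as an added illustration rather than the commenter's own code: pre-shared pad material is XORed against the message and each pad byte is handed out at most once, which is exactly the logistical burden the comment mentions. The pad here is constructed with `os.urandom` in place of sampled white noise, and `reuse_leak` shows why a pad segment must never be used twice.

```python
# Added illustration: a consuming one-time pad plus the leak that pad reuse causes.
import os

class OneTimePad:
    """Holds pre-shared pad material and hands out each byte at most once."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0      # both parties must track this identically

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        """Return the next n pad bytes and burn them; refuse to stretch the pad."""
        if n > self.remaining():
            raise ValueError("pad exhausted: a reused or stretched pad is no longer an OTP")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad segment must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(pad: OneTimePad, data: bytes) -> bytes:
    """Ciphertext = data XOR fresh pad bytes; decryption is the same call on the
    receiver's copy of the pad, which yields the identical bytes."""
    return xor_bytes(data, pad.take(len(data)))

def reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """What an observer recovers if one pad segment is (wrongly) used for two
    messages: c1 XOR c2 == m1 XOR m2, so the pad drops out entirely."""
    c1 = xor_bytes(m1, key)
    c2 = xor_bytes(m2, key)
    return xor_bytes(c1, c2)

def demo():
    """Round-trip one message through two copies of the same pad."""
    pad_bytes = os.urandom(64)         # constructed stand-in for sampled white noise
    sender = OneTimePad(pad_bytes)
    receiver = OneTimePad(pad_bytes)   # same material, shipped out of band
    msg = b"the pad must travel by courier, not by email"
    ct = encrypt(sender, msg)
    pt = encrypt(receiver, ct)         # XOR twice with identical pad bytes
    return pt == msg, sender.remaining() == receiver.remaining(), sender.remaining()
```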

Comment Re:Probably crashed in (Score 1) 103

Plus just about every foreign agent looking to score a piece of the stealth coating and tech for later analysis, of course.

Seriously, jokes about AirTags aside, this is supposed to be about the most connected combat aircraft ever. The pilot might be gone, but surely that should start the telemetry phoning home right until the impact so that special forces can go in and destroy the wreckage should one ever go down in a hostile combat zone? Also, there was supposedly a second F35 in the air that safely returned to base - unless it was bingo fuel, then perhaps it might have been a good idea to see where the stricken plane went down, or at least get a decent idea of its course.

Just goes to show what a huge gap there is between Hollywood and real life, I guess. Also, what are rules on legitimate salvage, again? Asking for a friend.

Comment Re:Nice /s (Score 1) 104

Seems like it. Judges of photo competitions often do have to make snap judgements due to the volume of entries, but after all the furore over the deliberately submitted AI-generated image recently you'd think they'd take a little more care with entries that had already passed the first hurdle and caught their eye. Would have been trivial to do as well; ask her where it was taken, then contact the gallery and ask if the image is a real exhibit. Done.

Also, they demonstrated they don't know WTF they are talking about when it comes to screening AI in the first place. Two mannequins, one human. Six hands. AI can't do hands for shit, so if everyone/thing had five digits per hand of realistic proportions and orientations, then it's almost certainly not an AI image. QED. :)

Comment Re:Huh (Score 2) 161

More like the FDA didn't really understand what the WHO was saying, or deliberately chose not to because lobby^w reasons.

WHO's statement was based on analysis of what even they admit is *very* sketchy data from animal studies indicating a possible correlation between aspartame and an increased risk of cancer and only then at ridiculously high levels of consumption that you'd really struggle to meet, so they've given it the lowest possible risk rating and suggested further studies and do not recommend that anyone needs to change their dietary habits. That seems perfectly fair to me.

Also, judging by all the rows of energy drinks and so on that tend to feature in the news reports of this, if you were consuming enough aspartame to be at risk then you'd probably have far bigger dietary health issues to worry about than cancer, because you're probably going to die of those long before the cancer becomes a problem.

Comment Re:Re-thinking storage (Score 1) 613

Yep. That's definitely the way to go for this, but it's not without a few challenges, not least of which will be getting everyone to agree on a common format for the battery pack, fitting brackets, connector(s), and management interface. Also, since we're potentially talking several 100 kg of cells in total, that's probably not something many EV owners will want, or be able, to add and remove at home on a regular basis, and a trip to a dealer or suitable service station before and after any longer range trips isn't ideal either. I suspect most users in that circumstance would fit all the battery packs they can and be done with it, entirely negating the benefit of not having to lug around 100s of kg of batteries they don't need, and working the cells you are using even harder to do so. Still, at least they'd be able to more easily swap them out when they deteriorate, which is at least a step up from where we are now.

Now, if you could combine this with the mooted instant EV top-up idea of simply driving into a bay and having your nearly depleted battery packs replaced with fully-charged ones in a couple of minutes, e.g. "replace my current battery pack(s) and fill another X of the remaining banks as well", then we're talking. There are prototypes of this, and some Chinese EVs apparently use it, but everywhere else seems to be dead set on rolling out high-capacity CCS/NACS charging infrastructure instead. That means there's a lot of investment and infrastructure that'll presumably become essentially redundant if this ever takes off, so those with their money on the line are going to fiercely oppose this idea. It'll also require another couple of shifts in mindset; to one where you don't actually own the battery packs but only lease them and pay for the charge they contain, and deciding on how a new EV is configured at the dealer, where perhaps a car comes with a built-in pack as standard, and/or just one or two removable packs fitted out of several potential slots.

Comment Re:So Sad (Score 1) 156

Actually, I can well believe that many - and probably nearly all - of the streaming services are burning cash. It takes a considerable amount of time and money to commission and develop a show to the point you even have a pilot, and then many shows fall at that hurdle and never see the light of day. Then you go to series. Great, you now have something that can generate some revenue. Except maybe you don't - it's the old saying about having hundreds of cable channels to choose from but there's still nothing on you actually want to watch - there are simply too many channels, and most of them have a few decent shows for a given viewer and a *lot* of filler.

Sure, you have hit shows like "The Night Agent" that might make hundreds of millions, or more, but how much was spent on all the detritus that makes up the rest of the content? A lot of that is probably cheap to produce, especially some of the reality stuff where you're not paying a lot of professional actors their going rates and use a lot of FX (HBO's per-episode costs for shows like "Game of Thrones" and "Westworld" are insane), but the same principle applies - if the show's not successful, then you don't get the viewers, and you don't get the higher-paying ads either. You might pay millions for 30s during the Superbowl break and get flashy ads from well known brands as a result, but that random reality show only a handful of people watch won't be anything like that lucrative.

Sympathy for their plight though? Nope. Fuck 'em! Viewers were *very* clear what they wanted when they talked about a la carte cable subscriptions, and it was the ability to pick and choose so they didn't have to pay for content they didn't want. Netflix et al. tweaked that model slightly, but you're still paying for a package whose contents are entirely up to them, only now you're being nickel-and-dimed to death as well because you need so many subscriptions to get all the shows you want to see, and you're still getting a load more crap content you don't want with it as well. Pay-per-view/series models might work a bit better in theory, and are closer to what was asked for, but the pricing is still way off-base and if you tot up the numbers it works out at an awfully expensive way to watch TV.

Barring market-driven consolidation (read "smaller players going bust/getting bought out"), they need to figure out a better a la carte model, and cross-license more shows so that viewers don't need as many subscriptions. If they can't (or won't) do that, then it's their own fault if so many people are seeing torrents and rolling the dice with the **AAs etc. as a viable alternative.

Comment Re:I'm torn. (Score 1) 190

Similar here. LLMs are far from perfect, but have gone from an academic toy to mainstream product incredibly fast, and with almost no legal, privacy, or other safeguards and regulatory frameworks in place. We've already had companies announcing large scale job cuts because of AI, and almost certainly are going to see a lot more similar job disruption over the next few years. AI could help facilitate a move to a four day week and letting the workforce focus on tasks more suited to human ingenuity and inspiration, but I suspect companies are not going to look at it that way and just see it as a means to reduce headcount and boost the bottom line. Also, the tech is going to get weaponised by state actors given that it has already been used to help push malware and other scams.

That said, you do have to wonder how much of the nay-saying is latter day Luddism, perhaps coloured by any number of SciFi movies where AI has gone badly wrong. LLMs are clearly going to remove a lot of mundane repetitive tasks, especially for things like call screening tasks and so on. While I expect that could well be the case, Ludd's fear of the Spinning Jenny and similar machinery was set at the dawn of the industrial revolution so there was plenty of opportunity for the manual workforce to pivot into other fields (not necessarily with the same quality of life though). I'm not seeing much opportunity for a similar pivot rising from AI, and we're not looking at the boom times of an industrial revolution either; if anything we're teetering on the cusp of a major global downturn, if not a full-blown recession. The timing of an upheaval of this potential magnitude could certainly be better.

Comment Re:LOL. Nice taxation on American businesses (Score 4, Insightful) 84

Partly, but it's not so clear cut for Meta and a few others of the "any personal info we can gather is our property to sell as we see fit" crowd who have had multiple GDPR strikes. Meta (and the companies under them) is something of a repeat offender here, but there's a pretty clear pattern from wrist slaps, through "cost of doing business" territory, and now we're starting to get into levels where they might start to feel pain, especially given how they are haemorrhaging cash on Zuck's VR white elephant, but what's another billion to Meta? It's a similar pattern of increasing fines for the other repeat offenders as well; GDPR prosecutors generally seem to be quite willing to let organizations fix their problems first but, like most courts, take a very dim view on those who squander their chances and don't reform.

The requirements of GDPR were announced long before it came into force, companies had ample time to put the necessary compliance measures in place, and the ramp up in damage levied has been a lot slower than many of its privacy championing proponents would like, especially for the repeat offenders like Meta that seem to just not care. Frankly, in Meta's case, they're still getting off lightly too; six of the entries in the GDPR Top 20 list I linked above are Meta companies, and they're still only at ~1% of their annual turnover (GDPR allows for up to 4%)? If this was more conventional criminal activity a rap sheet like that would probably put them firmly into "throw away the key" territory.
