An anonymous reader quotes a report from Bellingcat: For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps -- inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored. While the presence of US nuclear weapons in Europe has long been detailed by various leaked documents, photos and statements by retired officials, their specific locations are officially still a secret with governments neither confirming nor denying their presence. As many campaigners and parliamentarians in some European nations see it, this ambiguity has often hampered open and democratic debate about the rights and wrongs of hosting nuclear weapons.

However, the flashcards studied by soldiers tasked with guarding these devices reveal not just the bases, but even identify the exact shelters with "hot" vaults that likely contain nuclear weapons. They also detail intricate security details and protocols such as the positions of cameras, the frequency of patrols around the vaults, secret duress words that signal when a guard is being threatened and the unique identifiers that a restricted area badge needs to have. Like their analogue namesakes, flashcard learning apps are popular digital learning tools that show questions on one side and answers on the other. By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices. Experts approached by Bellingcat said that these findings represented serious breaches of security protocols and raised renewed questions about US nuclear weapons deployment in Europe. The report notes that some of the flashcards "had been publicly visible online as far back as 2013," while others "detailed processes that were being learned by users until at least April 2021."

Crucially, all flashcards mentioned in the article "have been taken down from the learning platforms on which they appeared after Bellingcat reached out to NATO and the US Military for comment prior to publication," the report states.

phalse phace shares a report from the BBC: A suspected Bitcoin "mining" operation illegally stealing electricity has been found by police who were searching for a cannabis farm. Officers had been tipped off about the site on the Great Bridge Industrial Estate, Sandwell, and raided it on May 18, West Midlands Police said. Instead of cannabis plants they found a bank of about 100 computer units. The force said the cryptocurrency "mine" had effectively stolen thousands of pounds of electricity. Inquiries with network operator Western Power Distribution found an illegal connection to the electricity supply.

Detectives said they were tipped off about lots of people visiting the unit throughout the day and a police drone picked up a lot of heat coming from the building. Sgt Jennifer Griffin said, given the signs, they had expected to find a cannabis farm. "It had all the hallmarks of a cannabis cultivation set-up and I believe it is only the second such crypto mine we have encountered in the West Midlands," she said. The computer equipment has been seized but no arrests have been made, the force said.

An anonymous reader quotes a report from Wired: On Tuesday, Microsoft and OpenAI shared plans to bring GPT-3, one of the world's most advanced models for generating text, to programming based on natural language descriptions. This is the first commercial application of GPT-3 undertaken since Microsoft invested $1 billion in OpenAI last year and gained exclusive licensing rights to GPT-3. "If you can describe what you want to do in natural language, GPT-3 will generate a list of the most relevant formulas for you to choose from," said Microsoft CEO Satya Nadella in a keynote address at the company's Build developer conference. "The code writes itself."

Microsoft VP Charles Lamanna told WIRED the sophistication offered by GPT-3 can help people tackle complex challenges and empower people with little coding experience. GPT-3 will translate natural language into PowerFx, a fairly simple programming language similar to Excel commands that Microsoft introduced in March. Microsoft's new feature is based on a neural network architecture known as Transformer, used by big tech companies including Baidu, Google, Microsoft, Nvidia, and Salesforce to create large language models using text training data scraped from the web. These language models continually grow larger. The largest version of Google's BERT, a language model released in 2018, had 340 million parameters, a building block of neural networks. GPT-3, which was released one year ago, has 175 billion parameters. Such efforts have a long way to go, however. In one recent test, the best model succeeded only 14 percent of the time on introductory programming challenges compiled by a group of AI researchers. Still, researchers who conducted that study conclude that tests prove that "machine learning models are beginning to learn how to code."

In a terse court filing on Friday, the Biden administration indicated that it would continue to defend a controversial Trump administration rule that requires millions of visa applicants each year to register their social media handles with the U.S. government. From a report: The registration requirement, which stems from the Muslim ban, is the subject of an ongoing First Amendment challenge filed by the Knight Institute, the Brennan Center, and the law firm Simpson Thacher on behalf of two documentary film organizations, Doc Society and the International Documentary Association.

Big games beget big leaks, especially this time of year when the gaming industry's porous promotional machinery is revving up for the E3 trade show. From a report: It happened again Thursday when eight minutes of Ubisoft's upcoming "Far Cry 6" leaked online, a day before it was supposed to appear. It was deleted in minutes, but thousands still saw it. Big video game leaks are nearly impossible to stop. Companies have tried many things to tighten the pipes, including blacklisting press outlets and suing leakers. But the more prominent the upcoming game, the more people involved, and the higher the public curiosity, the more likely the leak.

"There's just too many opportunities for a mid level employee to have their laptop open on a plane in games," former Ubisoft creative director Alex Hutchinson told Axios, citing the notorious way the name of a previously-secretive mega-game leaked in 2013. (Sometimes those open laptops are on a subway.) The "Far Cry 6" incident appears to involve confusion over a coverage embargo date. The footage was posted to YouTube by Polish YouTuber Patryk "Rojson" Rojewski, who told Axios that he had been provided the clips by Ubisoft under an agreement that said they could run on May 27. Rojewski said he had not been told that Ubisoft changed the date. "I approach my work professionally," he said. Several minutes of video of another upcoming Ubisoft game, "The Division: Heartland," leaked two weeks ago.

Twitch has received a "batch" of new takedown notices from music publishers over copyrighted songs in recorded streams (known as VODs), the company said in an email to streamers today. From a report: The notice may be worrying for some streamers who were affected by the waves of takedowns that hit last year, because if a user gets three copyright strikes on their channel, they will be permanently banned from the platform, according to Twitch's policies. With this advance warning, it seems Twitch is trying to get ahead of a sudden flurry of takedowns and give streamers some time to remove potentially offending VODs.

"We recently received a batch of DMCA takedown notifications with about 1,000 individual claims from music publishers," Twitch said in an email Friday, which was sent to a Verge staffer. "All of the claims are for VODs, and the vast majority target streamers listening to background music while playing video games or IRL streaming." [...] In Friday's email, Twitch noted that the only way to avoid DMCA (or Digital Millennium Copyright Act) strikes is to not stream copyrighted material in the first place, and said that if a streamer does have unauthorized content in their VODs or clips, "we strongly recommend that you permanently delete anything that contains that material."

Google, Facebook, Telegram, LinkedIn and Tiger Global-backed Indian startups ShareChat and Koo have either fully or partially complied with the South Asian nation's new IT rules, TechCrunch reported Friday, citing two people familiar with the matter and a government note. From a report: India's new IT rules, unveiled in February this year, require firms to appoint and share contact details of representatives tasked with compliance, nodal point of reference and grievance redressals to address on-ground concerns. The aforementioned firms have complied with this requirement, the government note and a person familiar with the matter said. The firms were required to comply with the new IT rules by this week. Twitter has yet to comply with the rules. "Twitter sent a communication late last night, sharing details of a lawyer working in a law firm in India as their Nodal Contact Person and Grievance Officer," a note prepared by New Delhi said, adding that the rules require the aforementioned officials to be direct employees.

The Canadian astronaut, who commanded the International Space Station and recorded the famous microgravity rendition of David Bowie's Space Oddity, on Sunday spit some fire at true believers who see a link between UFOs or UAPs (for "unidentified aerial phenomena" in the newish military parlance) and some sort of alien intelligence. From a report: "Obviously, I've seen countless things in the sky that I don't understand," Chris Hadfield, a former pilot for the Royal Canadian Air Force, said during a CBC Radio call-in show.

"But to see something in the sky that you don't understand and then to immediately conclude that it's intelligent life from another solar system is the height of foolishness and lack of logic." [...] Hadfield added that he does think it's likely there's life somewhere else in the universe. "But definitively up to this point, we have found no evidence of life anywhere except Earth," he said, "and we're looking."

Harvey Schlossberg, a former New York City traffic cop with a doctorate in psychology who choreographed what became a model law enforcement strategy for safely ending standoffs with hostage takers, died on May 21 in Brooklyn. He was 85. From a report: His death, at a hospital, was caused by cardiopulmonary arrest, said his wife, Dr. Antoinette Collarini Schlossberg. The need for a standard protocol for hostage situations became more pressing in 1971 after the botched rescue of guards during the Attica prison riots in upstate New York. The next year, captives were taken in a Brooklyn bank robbery (the inspiration behind the 1975 Al Pacino film "Dog Day Afternoon") and Israeli athletes were seized and massacred by Palestinian terrorists at the Munich Olympics. In a pioneering training film he made for the New York Police Department in 1973, Harvey Schlossberg said that in a hostage situation, police officers "all believed, 'If you gave me the right gun with the right bullet, I can put everybody out.'"

"But I don't think it works that easy," he said. "That's a Hollywood thing." Instead, he counseled patience and "crisis intervention therapy." Delaying tactics, he said, allowed more time for the criminals to make mistakes and, just as crucially, to develop a rapport with their victims, leaving the hostage-takers less likely to harm them. "Harvey faced an uphill battle getting cops to 'negotiate with killers,' because for 130 years the N.Y.P.D.'s official M.O. in barricade situations had been to issue ultimatums, throw in smoke and tear gas, and, if necessary storm the building," Chuck Wexler, executive director of the Police Executive Research Forum, a law enforcement think tank, said in an email. "Many lives were lost. Harvey changed that."

An anonymous reader shares a report: Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe. The hacking campaign allowed the threat actors -- two groups which FireEye tracks as UNC2630 and UNC2717 -- to install web shells on Pulse Secure devices, which the attackers used to pivot to internal networks from where they stole internal network credentials, email communications, and sensitive documents.

But in a follow-up report published today, FireEye said it found something strange -- namely that at least one of the groups involved in the attacks began removing its malware from infected networks three days before its researchers exposed the attacks. "Between April 17th and 20th, 2021, Mandiant incident responders observed UNC2630 access dozens of compromised devices and remove webshells like ATRIUM and SLIGHTPULSE," researchers said on Thursday. The threat actor's actions are highly suspicious and raise questions if they knew of FireEye's probing.

Alphabet's Google is nearing a settlement of an antitrust case in France alleging the company has abused its power in online advertising, and is likely to pay a fine and make operational changes, WSJ reported Friday, citing people familiar with the matter said. From the report: The French case is one of the most advanced in the world looking at Google's dominance as a provider of tools for buying and selling ads across the web. As part of the case, France's Competition Authority alleged that the company's advertising server -- historically known as DoubleClick for Publishers (DFP) and used by most large online publishers to sell ad space -- gave Google's online ad auction house, AdX, an advantage against other auction operators, the people said.

The authority also alleged other forms of self-preferencing between Google's advertising technology tools, they added. To settle the French charges, Google has offered to improve the interoperability of AdX with advertising servers run by other companies, as well as to remove some other obstacles faced by competitors, some of the people said. The settlement still must be approved by the authority's board, which could reject the deal, the people said. If approved, the settlement could be announced in coming weeks, they said.

The global shortage of semiconductor chips could last three to six months, Logitech Chief Executive Bracken Darrell told Swiss newspaper Finanz und Wirtschaft, with some industries facing shortages of up to a year. From a report: "Like others we have felt the shortages, but we have been able to cushion them well," Darrell said in an article published on Friday. "It takes time to ramp up production but in the meantime, prices have also adjusted."

Google has shipped a new JavaScript compiler for its V8 JavaScript engine in Chrome called Sparkplug that promises a much faster web experience -- and it does it by 'cheating', according to the engineers on the project. From a report: Sparkplug is part of Chrome 91, which Google released on Tuesday with security updates but also some key changes under the hood that improve its powerful JavaScript engine, V8. Microsoft relies on V8 these days too after ditching its Chakra JavaScript engine from legacy Edge and moving to Chromium for the new Edge browser and switching to V8. Google says Chrome 91 has 23% faster performance thanks to Sparkplug's integration into V8's JavaScript pipeline.

The hackers behind one of the worst data breaches ever to hit the US government have launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft. ytene shares a report: The group, which Microsoft calls "Nobelium," targeted 3,000 email accounts at various organizations this week -- most of which were in the United States, the company said in a blog post Thursday. It believes the hackers are part of the same Russian group behind last year's devastating attack on SolarWinds -- a software vendor -- that targeted at least nine US federal agencies and 100 companies.

Cybersecurity has been a major focus for the US government following the revelations that hackers had put malicious code into a tool published by SolarWinds. A ransomware attack that shut down one of America's most important pieces of energy infrastructure -- the Colonial Pipeline -- earlier this month has only heightened the sense of alarm. That attack was carried out by a criminal group originating in Russia, according to the FBI. Microsoft said that at least a quarter of the targets of this week's attacks were involved in international development, humanitarian, and human rights work, across at least 24 countries. It said Nobelium launched the attack by gaining access to a Constant Contact email marketing account used by the US Agency for International Development.