Games

Atari Announces the 7800 Plus Console Coming This Winter (polygon.com) 13

Atari has just announced a renewed version of its 7800 home console from 1986. Polygon: Dubbed the 7800 Plus, the new console will launch later this winter but is already available to pre-order from Atari for $129.99. The 7800 Plus is a scaled-down version of the original hardware equipped with an HDMI connection and has the ability to play first and third-party cartridges for the Atari 2600 and 7800. Additionally, you'll have the option to play your games in their original 4:3 aspect ratio, or upscale them to widescreen format. While emulators and other options for playing retro Atari games exist, playing the games on their original hardware remains the definitive way to experience many of these classic titles.

Along with its new console, Atari also announced a pair of new wireless controllers. The CX40 Plus wireless Joystick and CX78 Plus Wireless gamepad are loving recreations of the original hardware as they shipped with the Atari 2600 and 7800. Both of the new controllers are compatible with either the Atari 2600 Plus (released last year) or the new 7800 Plus consoles but can also be hooked up to your PC by using the included USB-C adapter -- they're even compatible with an original 2600 or 7800 if you have one lying around. Both peripherals are available from Atari now and cost $34.99.

Security

Researchers Hack Electronic Shifters With a Few Hundred Dollars of Hardware 125

An anonymous reader quotes a report from Wired: Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks. Performance-enhancing drugs. Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs. Now, for those who fail to download a software patch for their gear shifters -- yes, bike components now get software updates -- there may be hacker saboteurs to contend with, too. At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems (Warning: source may be paywalled; alternative source) of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear.

The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that." [...] The researchers' technique exploits the increasingly electronic nature of modern high-end bicycles, which now have digital components like power meters, wireless control of fork suspensions, and wireless shifters. "Modern bicycles are cyber-physical systems," the researchers note in their Usenix paper. Almost all professional cyclists now use electronic shifters, which respond to digital signals from shifter controls on the bike's handlebars to move a bicycle's chain from gear to gear, generally more reliably than mechanical shifting systems. In recent years, those wired electronic shifters have transitioned again to wireless versions that pair via a radio connection, such as the popular Di2 wireless shifters sold by the Japanese cycling component firm Shimano, which the researchers focused on.
Shimano says it has developed a firmware update to patch the exploit but it won't be available widely until late August. The update is intended to improve wireless transmission across Shimano Di2 component platforms, though specific details about the fix and how it prevents the identified attacks have not been disclosed for security reasons.

Submission + - Google's Pixels include a hidden backdoor (archive.ph)

echo123 writes: SAN FRANCISCO — Google’s master software for some Android phones includes a hidden feature that is insecure and could be activated to allow remote control or spying on users, according to a security company that found it inside phones at a U.S. intelligence contractor.

The security company said it contacted Google about its findings more than 90 days ago and that the tech giant has not indicated whether it would remove or fix the application.
On Wednesday night, Google told The Post that it would issue an update to remove the application. “Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update,” said company spokesperson Ed Fernandez. He said distributors of other Android phones would also be notified.
The application, called Showcase.apk, is normally dormant. But iVerify was able to enable it on a device in its possession, and the company believes skilled hackers could also enable it from afar. It cannot be removed from phones through the normal uninstall process.
When active, the application downloads instructions from a site hosted on Amazon Web Services. But it tries to connect to an insecure web address beginning with “http” instead of the more secure “https”, so that those calls could be intercepted and the site could be impersonated, with malicious spying instructions sent instead. Http sites are so risky that Google’s Chrome browser warns visitors that they are not secure.
“The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level,” iVerify wrote in a draft of a summary report to be published Thursday. The full 40-page analysis was aided by Palantir and Trail of Bits, an established security company affiliated with iVerify.

Government

FTC Finalizes Rule Banning Fake Reviews, Including Those Made With AI (techcrunch.com) 35

TechCrunch's Lauren Forristal reports: The U.S. Federal Trade Commission (FTC) announced on Wednesday a final rule that will tackle several types of fake reviews and prohibit marketers from using deceptive practices, such as AI-generated reviews, censoring honest negative reviews and compensating third parties for positive reviews. The decision was the result of a 5-to-0 vote. The new rule will start being enforced 60 days after it's published in the official government publication called Federal Register. [...]

According to the final rule, the maximum civil penalty for fake reviews is $51,744 per violation. However, the courts could impose lower penalties depending on the specific case. "Ultimately, courts will also decide how to calculate the number of violations in a given case," the Commission wrote. [...] The FTC initially proposed the rule on June 30, 2023, following an advanced notice of proposed rulemaking issued in November 2022. You can read the finalized rule here (PDF), but we also included a summary of it below:

- No fake or disingenuous reviews. This includes AI-generated reviews and reviews from anyone who doesn't have experience with the actual product.
- Businesses can't sell or buy reviews, whether negative or positive.
- Company insiders writing reviews need to clearly disclose their connection to the business. Officers or managers are prohibited from giving testimonials and can't ask employees to solicit reviews from relatives.
- Company-controlled review websites that claim to be independent aren't allowed.
- No using legal threats, physical threats or intimidation to forcefully delete or prevent negative reviews. Businesses also can't misrepresent that the review portion of their website comprises all or most of the reviews when it's suppressing the negative ones.
- No selling or buying fake engagement like social media followers, likes or views obtained through bots or hacked accounts.

Social Networks

Flipboard Users Can Now Follow Anyone In the Fediverse (techcrunch.com) 8

Starting today, users of the social magazine app Flipboard can follow any federated accounts, "meaning those that participate in the social network of interconnected servers known as the fediverse," writes TechCrunch's Sarah Perez. "This now includes Threads accounts in addition to Mastodon accounts and others." From the report: With the update, which deepens Flipboard's connection with the ActivityPub social graph, any Flipboard user can follow user profiles from any other federated service. If their Flipboard account is also federated, they can interact with those users' posts and participate in conversations, as well. Flipboard's user base, however, is currently undisclosed. [...] The Flipboard app supports full fediverse integration, but the company hasn't yet allowed all users to turn on federation as it's a phased rollout. We're told the goal is to make federation a setting users can select later this year, similar to how Threads added a "fediverse sharing" option in June. When federation is enabled, people will be able to not only share to the fediverse but also see and engage with conversations around their Flipboard posts that are taking place in the fediverse.

With Tuesday's update on Flipboard, people can find and follow others in the fediverse across three areas of its app: Search, Explore and Community. In search results, Flipboard will surface federated accounts and profile results in a new section, "Fediverse Accounts." Editorial recommendations can also be found in the app's "Explore" tab under "Fediverse," and every week a new selection of accounts will be featured in the Community section. Activity from the fediverse will also be displayed in the Flipboard notifications panel, allowing people to engage and follow others in the fediverse directly from their notifications. For Flipboard users, that means they can now follow user profiles from Threads and Mastodon in the Flipboard app, including high-profile users like President Joe Biden (POTUS) and former President Barack Obama on Threads, as well as various creators, like Marques Brownlee, and journalists, like Kara Swisher.

AI

Replika CEO Says It's OK If We Marry AI Chatbots (theverge.com) 74

In an interview with The Verge's Nilay Patel, Replika founder and CEO Eugenia Kuyda discusses the role AI will play in the future of human relationships. Replika is an AI-powered chatbot that offers personalized, empathetic conversations to users, serving as a virtual companion for emotional support, mental health, and social interaction. It allows users to engage in meaningful, human-like conversations, enhancing their well-being through AI-driven companionship. Here is an excerpt from the interview: Where have you landed with Replika now? Is it still sort of romantic? Is it mostly friendly? Have you gotten the user base to stop thinking of it as dating in that way?

It's mostly friendship and a long-term one-on-one connection, and that's been the case forever for Replika. That's what our users come for. That's how they find Replika. That's what they do there. They're looking for that connection. My belief is that there will be a lot of flavors of AI. People will have assistants, they will have agents that are helping them at work, and then, at the same time, there will be agents or AIs that are there for you outside of work. People want to spend quality time together, they want to talk to someone, they want to watch TV with someone, they want to play video games with someone, they want to go for walks with someone, and that's what Replika is for.

You've said "someone" several times now. Is that how you think of a Replika AI avatar -- as a person? Is it how users think of it? Is it meant to replace a person?

It's a virtual being, and I don't think it's meant to replace a person. We're very particular about that. For us, the most important thing is that Replika becomes a complement to your social interactions, not a substitute. The best way to think about it is just like you might a pet dog. That's a separate being, a separate type of relationship, but you don't think that your dog is replacing your human friends. It's just a completely different type of being, a virtual being. Or, at the same time, you can have a therapist, and you're not thinking that a therapist is replacing your human friends. In a way, Replika is just another type of relationship. It's not just like your human friends. It's not just like your therapist. It's something in between those things.

With an AI that kind of feels like a person and is meant to complement your friends, the boundaries of that relationship are still pretty fuzzy. In the culture, I don't think we quite understand them. You've been running Replika for a while. Where do you think those boundaries are with an AI companion?

I actually think, just like a therapist has agency to fire you, the dog has agency to run away or bite or shit all over your carpet. It's not really that you're getting this subservient, subordinate thing. I think, actually, we're all used to different types of relationships, and we understand these new types of relationships pretty easily. People don't have a lot of confusion that their therapist is not their friend. I mean, some people do project and so on, but at the same time, we understand that, yes, the therapist is there, and he or she is providing this service of listening and being empathetic. That's not because they love you or want to live with you. So we actually already have very different relationships in our lives. We have empathy for hire with therapists, for instance, and we don't think that's weird. AI friends are just another type of that -- a completely different type. People understand boundaries. At the end of the day, it's a work in progress, but I think people understand quickly like, 'Okay, well, that's an AI friend, so I can text or interact with it anytime I want.' But, for example, a real friend is not available 24/7. That boundary is very different. You know these things ahead of time, and that creates a different setup and a different boundary than, say, with your real friend. In the case of a therapist, you know a therapist will not hurt you. They're not meant to hurt you. Replika probably won't disappoint you or leave you. So there's also that. We already have relationships with certain rules that are different from just human friendships.
The full transcript can be read here. You can also listen to the interview on the latest episode of Decoder with Nilay Patel.

Security

Cow and Calf Die After Hackers Attack Farm's Milking Robot (agrarheute.com) 39

According to Agrarheute, hackers launched a cyberattack on a Swiss farmer's computer system, disrupting the flow of vital data from a milking robot. Tragically, this led to the death of a cow and her calf. From the report (translated from German into English): According to the CSO, hackers attacked the computers of a farmer from Hagendorn. The dairy farmer's milking robot was also connected to these computers. When the animal owner stopped receiving milking data, he initially suspected a dead zone. But then he learned from the manufacturer of his milking system that he had been hacked. Apparently it was a ransomware attack. The hackers demanded $10,000 to decrypt the data. The farmer considered whether he should give in to the cyber criminals' demands. At first he thought the data on the amount of milk produced was bearable. In addition, the milking robot also worked without a computer or network connection. The cows could therefore continue to be milked.

For one cow, however, the cyberattack ended tragically. The farmer normally receives vital data from his cows via the system. This is particularly important and critical for pregnant animals. One cow's calf died in the womb. Because the computer was paralyzed, Bircher was unable to recognize the emergency in time. They tried everything to at least save the cow, but in the end it had to be put down. Overall, the attack caused monetary damages amounting to the equivalent of over 6,400 euros, mainly due to veterinary costs and the purchase of a new computer. However, the hackers came away empty-handed.

Security

Mac and Windows Users Infected By Software Updates Delivered Over Hacked ISP (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types of device infrastructure of an unnamed ISP. The attackers then used their control of the devices to poison domain name system responses for legitimate hostnames providing updates for at least six different apps written for Windows or macOS. The apps affected were the 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and those from Corel and Sogou.

Because the update mechanisms didn't use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1 rather than the authoritative DNS server provided by the ISP. "That is the fun/scary part -- this was not the hack of the ISPs DNS servers," Volexity CEO Steven Adair wrote in an online interview. "This was a compromise of network infrastructure for Internet traffic. The DNS queries, for example, would go to Google's DNS servers destined for 8.8.8.8. The traffic was being intercepted to respond to the DNS queries with the IP address of the attacker's servers."

In other words, the DNS responses returned by any DNS server would be changed once it reached the infrastructure of the hacked ISP. The only way an end user could have thwarted the attack was to use DNS over HTTPS or DNS over TLS to ensure lookup results haven't been tampered with or to avoid all use of apps that deliver unsigned updates over unencrypted connections. As an example, the 5KPlayer app uses an unsecure HTTP connection rather than an encrypted HTTPS one to check if an update is available and, if so, to download a configuration file named Youtube.config. StormBamboo, the name used in the industry to track the hacking group responsible, used DNS poisoning to deliver a malicious version of the Youtube.config file from a malicious server. This file, in turn, downloaded a next-stage payload that was disguised as a PNG image. In fact, it was an executable file that installed malware tracked under the names MACMA for macOS devices or POCOSTICK for Windows devices.
As for the hacked ISP, the security firm said "it's not a huge one or one you'd likely know."

"In our case the incident is contained but we see other servers that are actively serving malicious updates but we do not know where they are being served from. We suspect there are other active attacks around the world we do not have purview into. This could be from an ISP compromise or a localized compromise to an organization such as on their firewall."

EU

Initiative Aims To Require EU Game Publishers To Make Retired Games Playable (pcgamer.com) 91

A proposed European Union law seeks to ensure that video games sold or licensed in the EU remain playable even if servers are shut down or studios close. The law would require publishers of sold and free-to-play games with microtransactions to provide resources to keep games functional, such as allowing players to host their own servers. Through a process called the "European Citizens Initiative," the petition needs one million signatures just to have a chance at becoming law. PC Gamer reports: "An increasing number of publishers are selling videogames that are required to connect through the internet to the game publisher, or 'phone home' to function," the petition reads. "While this is not a problem in itself, when support ends for these types of games, very often publishers simply sever the connection necessary for the game to function, proceed to destroy all working copies of the game, and implement extensive measures to prevent the customer from repairing the game in any way."

Understanding that developers and publishers can't support games forever, the initiative would expect "the publisher to provide resources for the said videogame once they discontinue it while leaving it in a reasonably functional (playable) state." That means giving players the tools to host the game on their own servers, for example, and removing the requirement for games to connect to the publisher's (defunct) servers in order to be played. This is what the developer behind Knockout City did when it pulled the plug on the game's official servers.

Not only does this initiative apply to games that are sold, but includes free to play games that have microtransactions for assets (like skins) or other paid-for features. The thought is, if you purchase an item in a free game, you should have the right to continue to use it indefinitely -- which means keeping that free game playable in some form. It's important to note that even a million signatures doesn't mean an automatic win, just that it'll go forward to the European Union as a proposal to become a law.

United States

Justice Dept. Says TikTok Could Allow China To Influence Elections 84

The Justice Department has ramped up the case to ban TikTok, saying in a court filing Friday that allowing the app to continue operating in its current state could result in voter manipulation in elections. From a report: The filing was made in response to a TikTok lawsuit attempting to block the government's ban. The Justice Department warned that the app's algorithm and parent company ByteDance's alleged ties to the Chinese government could be used for a "secret manipulation" campaign.

"Among other things, it would allow a foreign government to illicitly interfere with our political system and political discourse, including our elections...if, for example, the Chinese government were to determine that the outcome of a particular American election was sufficiently important to Chinese interests," the filing said. Under a law passed in April, TikTok has until January 2025 to find a new owner or it will be banned in the U.S. The company is suing to have that law overturned, saying it violates the company's First Amendment rights. The Justice Department disputed those claims. "The statute is aimed at national-security concerns unique to TikTok's connection to a hostile foreign power, not at any suppression of protected speech," officials wrote.

Transportation

Is Ford Trying To Patent a Way For Its Cars To Report Speeding To the Police? (motorauthority.com) 216

Is Ford trying to patent a way for its cars to report speeding drivers to the police? An article in Motor Authority notes that this patent application from Ford was filed January 12th of 2023 — and just published 11 days ago by the U.S. Patent and Trademark Office: In the application, Ford discusses using cars to monitor each other's speeds. If one car detects that a nearby vehicle is being driven above the posted limit, it could use onboard cameras to photograph that vehicle. A report containing both speed data and images of the targeted vehicle could then be sent directly to a police car or roadside monitoring units via an Internet connection, according to Ford. Using vehicles for speed surveillance would make cops' jobs easier, as they wouldn't have to quickly identify speeding violations and take off in pursuit, Ford notes in the application. It also means some of that work could be delegated to self-driving cars, which could be equipped to detect speeding violations, the automaker adds...

Ford has also tried to patent a "night drive mode" that would limit vehicle speeds at night for everyone — including first responders.

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Transportation

Automakers Sold Driver Data For Pennies, Senators Say (jalopnik.com) 58

An anonymous reader quotes a report from the New York Times: If you drive a car made by General Motors and it has an internet connection, your car's movements and exact location are being collected and shared anonymously with a data broker. This practice, disclosed in a letter (PDF) sent by Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts to the Federal Trade Commission on Friday, is yet another way in which automakers are tracking drivers (source may be paywalled; alternative source), often without their knowledge. Previous reporting in The New York Times, which the letter cited, revealed how automakers including G.M., Honda and Hyundai collected information about drivers' behavior, such as how often they slammed on the brakes, accelerated rapidly and exceeded the speed limit. It was then sold to the insurance industry, which used it to help gauge individual drivers' riskiness.

The two Democratic senators, both known for privacy advocacy, zeroed in on G.M., Honda and Hyundai because all three had made deals, The Times reported, with Verisk, an analytics company that sold the data to insurers. In the letter, the senators urged the F.T.C.'s chairwoman, Lina Khan, to investigate how the auto industry collects and shares customers' data. One of the surprising findings of an investigation by Mr. Wyden's office was just how little the automakers made from selling driving data. According to the letter, Verisk paid Honda $25,920 over four years for information about 97,000 cars, or 26 cents per car. Hyundai was paid just over $1 million, or 61 cents per car, over six years. G.M. would not reveal how much it had been paid, Mr. Wyden's office said. People familiar with G.M.'s program previously told The Times that driving behavior data had been shared from more than eight million cars, with the company making an amount in the low millions of dollars from the sale. G.M. also previously shared data with LexisNexis Risk Solutions.
"Companies should not be selling Americans' data without their consent, period," the letter from Senators Wyden and Markey stated. "But it is particularly insulting for automakers that are selling cars for tens of thousands of dollars to then squeeze out a few additional pennies of profit with consumers' private data."

Java

Chemist Explains the Chemistry Behind Decaf Coffee (theconversation.com) 81

An anonymous reader quotes a report from The Conversation, written by Michael W. Crowder, Professor of Chemistry and Biochemistry and Dean of the Graduate School at Miami University: For many people, the aroma of freshly brewed coffee is the start of a great day. But caffeine can cause headaches and jitters in others. That's why many people reach for a decaffeinated cup instead. I'm a chemistry professor who has taught lectures on why chemicals dissolve in some liquids but not in others. The processes of decaffeination offer great real-life examples of these chemistry concepts. Even the best decaffeination method, however, does not remove all of the caffeine -- about 7 milligrams of caffeine usually remain in an 8-ounce cup. Producers decaffeinating their coffee want to remove the caffeine while retaining all -- or at least most -- of the other chemical aroma and flavor compounds.

Decaffeination has a rich history, and now almost all coffee producers use one of three common methods. All these methods, which are also used to make decaffeinated tea, start with green, or unroasted, coffee beans that have been premoistened. Using roasted coffee beans would result in a coffee with a very different aroma and taste because the decaffeination steps would remove some flavor and odor compounds produced during roasting.
Here's a summary of each method discussed by Dr. Crowder:

The Carbon Dioxide Method: Developed in the early 1970s, the carbon dioxide method uses high-pressure CO2 to extract caffeine from moistened coffee beans, resulting in coffee that retains most of its flavor. The caffeine-laden CO2 is then filtered out using water or activated carbon, removing 96% to 98% of the caffeine with minimal CO2 residue.

The Swiss Water Process: First used commercially in the early 1980s, the Swiss water method uses hot water and activated charcoal filters to decaffeinate coffee, preserving most of its natural flavor. This chemical-free approach removes 94% to 96% of the caffeine by soaking the beans repeatedly until the desired caffeine level is achieved.

Solvent-Based Methods: Originating in the early 1900s, solvent-based methods use organic solvents like ethyl acetate and methylene chloride to extract caffeine from green coffee beans. These methods remove 96% to 97% of the caffeine through either direct soaking in solvent or indirect treatment of water containing caffeine, followed by steaming and roasting to ensure safety and flavor retention.

"It's chemically impossible to dissolve out only the caffeine without also dissolving out other chemical compounds in the beans, so decaffeination inevitably removes some other compounds that contribute to the aroma and flavor of your cup of coffee," writes Dr. Crowder in closing. "But some techniques, like the Swiss water process and the indirect solvent method, have steps that may reintroduce some of these extracted compounds. These approaches probably can't return all the extra compounds back to the beans, but they may add some of the flavor compounds back."

Power

Wind Turbine Blade Breaks, Washes Ashore. Power Production Shut Down as Company Faces Investigation and Litigation (cnn.com) 138

"More pieces of a broken wind turbine off the coast of Massachusetts are falling into the Atlantic Ocean," reports CBS News on Thursday. "The CEO of Vineyard Wind was at Nantucket's Select Board meeting Wednesday evening, apologizing and answering questions about the initial break when he suddenly had to leave because the situation is getting worse."

CNN reports the debris has been "prompting beach closures and frustrating locals at the peak of the summer season" since the blade broke a week ago, and then folded over: Since then, foam debris and fiberglass — including some large and dangerously sharp pieces — have washed onto beaches. A "significant part" of the remaining damaged blade detached from the turbine early Thursday morning, Vineyard Wind said in a news release. The US Coast Guard confirmed to CNN it has located a 300-foot piece of the blade.

There are few answers to what caused the turbine to fail, and the incident has prompted questions and anger from city officials and Nantucket residents... The shards of turbine forced officials to close beaches earlier this week, though they have since reopened. [Nantucket select board chair Brooke Mohr] said the town would monitor for additional debris and adjust schedules accordingly. "Public safety is our most immediate concern, these fiberglass pieces are quite sharp," Mohr said, making swimming unsafe...

The federal government is conducting its own investigation and has ordered Vineyard Wind to stop all its wind turbines producing electricity until it can be determined whether any other blades were impacted, a Bureau of Safety and Environmental Enforcement spokesperson said in a statement. The federal government has also ordered the companies to preserve any equipment that could help determine the cause of the failure. The federal suspension order effectively halts further construction on Vineyard Wind, the first large-scale wind farm being installed in the US. The wind farm, a joint venture of Avangrid and Copenhagen Infrastructure Partners, has 10 turbines up and running so far with plans to install 62 total...

The project was set to double the number of turbines spinning off the East Coast, and state leaders in Massachusetts have viewed it as a big boost to the state's ability to generate electricity. Now the project is in limbo, and could remain so until the investigation is complete.

The article quotes the head of government affairs at wind blade manufacturer GE Vernova as saying a breaking wind turbine is "highly unusual and rare." But Vineyard Wind CEO Klaus Skoust Møller called it a "very serious situation" and apologized to local residents.

Meanwhile, the Boston Herald reported Friday that the Nantucket Select Board "is set to pursue litigation against the wind energy company in connection to the blade failure..." Town officials, residents and local mariners have all said they didn't learn of the incident until Monday evening, roughly 48 hours after the fact and just hours before debris started to wash ashore, prompting beaches to close Tuesday...

The "significant portion" of the 107-meter blade that detached from the turbine Thursday morning sunk to the ocean floor. Crews were slated to recover the fiberglass "in due course," town officials wrote in a Friday update... Residents are not taking kindly to Vineyard Wind's assertion that the debris — fiberglass fragments ranging in size from small pieces to larger sections, typically green or white — is not toxic. Vineyard Wind has deployed a crew of 56 contractors to assist in the cleanup of the island's beaches, and town officials said Friday that no town staff are actively engaged in removing the debris. The wind energy company reported Wednesday that crews had removed 17 cubic yards of debris, enough to fill more than six truckloads.

"The joint venture of Connecticut-based Avangrid and Denmark-based Copenhagen Infrastructure Partners is developing a plan to test water quality around the island while working on a process for financial claims."

Oracle

Oracle Reaches $115 Million Consumer Privacy Settlement (aol.com) 15

Oracle agreed to pay $115 million to settle a lawsuit accusing the database software and cloud computing company of invading people's privacy by collecting their personal information and selling it to third parties. Reuters: The plaintiffs, who otherwise have no connection to Oracle, said the company violated federal and state privacy laws and California's constitution by creating unauthorized "digital dossiers" for hundreds of millions of people. They said the dossiers contained data including where people browsed online, and where they did their banking, bought gas, dined out, shopped and used their credit cards. Oracle then allegedly sold the information directly to marketers or through products such as ID Graph, which according to the company helps marketers "orchestrate a relevant, personalized experience for each individual."

The Internet

Cloudflare Reports Almost 7% of Internet Traffic Is Malicious (zdnet.com) 34

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script or connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

AI

OpenAI and Arianna Huffington Are Working Together On an 'AI Health Coach' 25

OpenAI CEO Sam Altman and businesswoman Arianna Huffington have announced they're working on an "AI health coach" via Thrive AI Health. According to a Time magazine op-ed, the two executives said that the bot will be trained on "the best peer-reviewed science" alongside "the personal biometric, lab, and other medical data you've chosen to share with it." The Verge reports: The company tapped DeCarlos Love, a former Google executive who previously worked on Fitbit and other wearables, to be CEO. Thrive AI Health also established research partnerships with several academic institutions and medical centers like Stanford Medicine, the Rockefeller Neuroscience Institute at West Virginia University, and the Alice L. Walton School of Medicine. (The Alice L. Walton Foundation is also a strategic investor in Thrive AI Health.) Thrive AI Health's goal is to provide powerful insights to those who otherwise wouldn't have access -- like a single mother looking for quick meal ideas for her gluten-free child or an immunocompromised person in need of instant advice in between doctor's appointments. [...]

The bot is still in its early stages, adopting an Atomic Habits approach. Its goal is to gently encourage small changes in five key areas of your life: sleep, nutrition, fitness, stress management, and social connection. By making minor adjustments, such as suggesting a 10-minute walk after picking up your child from school, Thrive AI Health aims to positively impact people with chronic conditions like heart disease. It doesn't claim to be ready to provide real diagnosis like a doctor would but instead aims to guide users into a healthier lifestyle. "AI is already greatly accelerating the rate of scientific progress in medicine -- offering breakthroughs in drug development, diagnoses, and increasing the rate of scientific progress around diseases like cancer," the op-ed read.
