Security

Researchers Figure Out How To Bypass Fingerprint Readers In Most Windows PCs (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: [L]ast week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs. Security researchers Jesse D'Aguanno and Timo Teras write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptics sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.

Blackwing's post on the vulnerability is also a good overview of exactly how fingerprint sensors in a modern PC work. Most Windows Hello-compatible fingerprint readers use "match on chip" sensors, meaning that the sensor has its own processors and storage that perform all fingerprint scanning and matching independently without relying on the host PC's hardware. This ensures that fingerprint data can't be accessed or extracted if the host PC is compromised. If you're familiar with Apple's terminology, this is basically the way its Secure Enclave is set up. Communication between the fingerprint sensor and the rest of the system is supposed to be handled by the Secure Device Connection Protocol (SDCP). This is a Microsoft-developed protocol that is meant to verify that fingerprint sensors are trustworthy and uncompromised, and to encrypt traffic between the fingerprint sensor and the rest of the PC.

Each fingerprint sensor was ultimately defeated by a different weakness. The Dell laptop's Goodix fingerprint sensor implemented SDCP properly in Windows but used no such protections in Linux. Connecting the fingerprint sensor to a Raspberry Pi 4, the team was able to exploit the Linux support plus "poor code quality" to enroll a new fingerprint that would allow entry into a Windows account. As for the Synaptics and ELAN fingerprint readers used by Lenovo and Microsoft (respectively), the main issue is that both sensors supported SDCP but that it wasn't actually enabled. Synaptics' touchpad used a custom TLS implementation for communication that the Blackwing team was able to exploit, while the Surface fingerprint reader communicated in cleartext over USB. "In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in," wrote D'Aguanno and Teras.
"Though all of these exploits ultimately require physical access to a device and an attacker who is determined to break into your specific laptop, the wide variety of possible exploits means that there's no single fix that can address all of these issues, even if laptop manufacturers are motivated to implement them," concludes Ars.

Blackwing recommends all Windows Hello fingerprint sensors enable SDCP, the protocol Microsoft developed to try to prevent this exploit. PC makers should also "have a qualified expert third party audit [their] implementation" to improve code quality and security.
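The difference between the cleartext Surface path and an authenticated sensor channel comes down to one question: can the host tell that a "match" claim came from the genuine sensor, in response to this login attempt? The following is an added illustration (not Blackwing's code, not Microsoft's SDCP, and much simpler than the real protocol, which also does key agreement and encryption). It assumes a hypothetical per-device key shared with the host at pairing time and binds each match result to a fresh host nonce with an HMAC. A spoofed device that merely asserts "authorized user is logging in" is accepted by the cleartext host and rejected by the authenticating one, and a replayed result is rejected as well.

```python
import hmac
import hashlib
import secrets


class Sensor:
    """Toy match-on-chip sensor. Assumption: the device key is provisioned
    at manufacture and never leaves the chip; here it is simply passed in."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def match_result(self, host_nonce: bytes, user_id: bytes, matched: bool) -> dict:
        """Report a match decision, authenticated over (nonce, user, claim)."""
        claim = b"MATCH" if matched else b"NOMATCH"
        payload = host_nonce + b"|" + user_id + b"|" + claim
        tag = hmac.new(self._key, payload, hashlib.sha256).digest()
        return {"nonce": host_nonce, "user_id": user_id, "claim": claim, "tag": tag}


class Host:
    """Host side that only trusts results it can tie to its own challenge."""

    def __init__(self, trusted_device_key: bytes):
        self._key = trusted_device_key

    def new_challenge(self) -> bytes:
        # Fresh nonce per login attempt; an old result cannot be replayed.
        return secrets.token_bytes(16)

    def accept(self, nonce: bytes, msg: dict) -> bool:
        if msg["nonce"] != nonce:
            return False  # stale or replayed result
        payload = msg["nonce"] + b"|" + msg["user_id"] + b"|" + msg["claim"]
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False  # not produced by the paired device
        return msg["claim"] == b"MATCH"


def accept_cleartext(msg: dict) -> bool:
    """The failure mode described for the Surface reader: any device that
    says MATCH is believed, with no proof of origin or freshness."""
    return msg["claim"] == b"MATCH"


if __name__ == "__main__":
    paired_key = secrets.token_bytes(32)        # constructed for the demo
    sensor, host = Sensor(paired_key), Host(paired_key)
    spoof = Sensor(secrets.token_bytes(32))     # wrong key: a spoofed VID/PID device

    nonce = host.new_challenge()
    print("genuine match accepted:", host.accept(nonce, sensor.match_result(nonce, b"alice", True)))
    forged = spoof.match_result(nonce, b"alice", True)
    print("spoofed device, cleartext host:", accept_cleartext(forged))
    print("spoofed device, authenticating host:", host.accept(nonce, forged))
```

The HMAC binds the claim to the paired key and the nonce binds it to this attempt, which is the property the ELAN path lacked; the cleartext host cannot distinguish the two sensors at all.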
AI

Anthony Levandowski Reboots Church of AI

Anthony Levandowski, a tech entrepreneur and self-driving car pioneer, said he's rebooting his AI church in a renewed attempt at creating a religious movement focused on the worship and understanding of artificial intelligence. From a report: Levandowski's so-called Way of the Future was founded in 2015 but shut its doors a few years later. The congregation at the new church, which shares the original's name, has "a couple thousand people" coming together to build a spiritual connection between humans and AI, its founder said.

Levandowski made the remarks during an interview for the latest episode of the Bloomberg Originals series AI IRL, available to stream now. "How does a person in rural America relate to this? What does this mean for their job?" he said. "Way of the Future is a mechanism for them to understand and participate and shape the public discourse as to how we think technology should be built to improve you."

The existence of the original church became public in 2017, years before the viral success of ChatGPT brought AI into mainstream consciousness. Levandowski's idea raised eyebrows, both because of the church's focus on "the realization, acceptance, and worship of a Godhead based on Artificial Intelligence developed through computer hardware and software," and because of Levandowski himself. At the time, he was at the center of a high-profile legal battle related to the theft of trade secrets, sentenced to 18 months in prison, then pardoned by former President Donald Trump.
Databases

Online Atrocity Database Exposed Thousands of Vulnerable People In Congo (theintercept.com)

An anonymous reader quotes a report from The Intercept: A joint project of Human Rights Watch and New York University to document human rights abuses in the Democratic Republic of the Congo has been taken offline after exposing the identities of thousands of vulnerable people, including survivors of mass killings and sexual assaults. The Kivu Security Tracker is a "data-centric crisis map" of atrocities in eastern Congo that has been used by policymakers, academics, journalists, and activists to "better understand trends, causes of insecurity and serious violations of international human rights and humanitarian law," according to the deactivated site. This includes massacres, murders, rapes, and violence against activists and medical personnel by state security forces and armed groups, the site said. But the KST's lax security protocols appear to have accidentally doxxed up to 8,000 people, including activists, sexual assault survivors, United Nations staff, Congolese government officials, local journalists, and victims of attacks, an Intercept analysis found. Hundreds of documents -- including 165 spreadsheets -- that were on a public server contained the names, locations, phone numbers, and organizational affiliations of those sources, as well as sensitive information about some 17,000 "security incidents," such as mass killings, torture, and attacks on peaceful protesters.

The data was available via KST's main website, and anyone with an internet connection could access it. The information appears to have been publicly available on the internet for more than four years. [...] The spreadsheets, along with the main KST website, were taken offline on October 28, after investigative journalist Robert Flummerfelt, one of the authors of this story, discovered the leak and informed Human Rights Watch and New York University's Center on International Cooperation. HRW subsequently assembled what one source close to the project described as a "crisis team." Last week, HRW and NYU's Congo Research Group, the entity within the Center on International Cooperation that maintains the KST website, issued a statement that announced the takedown and referred in vague terms to "a security vulnerability in its database," adding, "Our organizations are reviewing the security and privacy of our data and website, including how we gather and store information and our research methodology." The statement made no mention of publicly exposing the identities of sources who provided information on a confidential basis. [...] The Intercept has not found any instances of individuals affected by the security failures, but it's currently unknown if any of the thousands of people involved were harmed.
"We deeply regret the security vulnerability in the KST database and share concerns about the wider security implications," Human Rights Watch's chief communications officer, Mei Fong, told The Intercept. Fong said in an email that the organization is "treating the data vulnerability in the KST database, and concerns around research methodology on the KST project, with the utmost seriousness." Fong added, "Human Rights Watch did not set up or manage the KST website. We are working with our partners to support an investigation to establish how many people -- other than the limited number we are so far aware of -- may have accessed the KST data, what risks this may pose to others, and next steps. The security and confidentiality of those affected is our primary concern."

Submission + - Online Atrocity Database Exposed Thousands of Vulnerable People In Congo (theintercept.com)


In an internal statement sent to HRW employees on November 9 and obtained by The Intercept, Sari Bashi, the organization’s program director, informed staff of “a security vulnerability with respect to the KST database which contains personal data, such as the names and phone numbers of sources who provided information to KST researchers and some details of the incidents they reported.” She added that HRW had “convened a team to manage this incident,” including senior leadership, security and communications staff, and the organization’s general counsel. The internal statement also noted that one of HRW’s partners in managing the KST had “hired a third-party cyber security company to investigate the extent of the exposure of the confidential data and to help us to better understand the potential implications.” [...] HRW directed staffers not to post on social media about the leak or publicly share any press stories about it due to “the very sensitive nature of the data and the possible security risks.” The internal statement also said that “neither HRW, our partners, nor KST researchers in the DRC have received any information to suggest that anybody has been threatened or harmed as a result of this database vulnerability.” The Intercept has not found any instances of individuals affected by the security failures, but it’s currently unknown if any of the thousands of people involved were harmed.

Data Storage

Scientists Use Raspberry Pi Tech To Protect NASA Telescope Data (theregister.com)

Richard Speed reports via The Register: Scientists have revealed how data from a NASA telescope was secured thanks to creative thinking and a batch of Raspberry Pi computers. The telescope was the Super Pressure Balloon Imaging Telescope (SuperBIT), launched on April 16, 2023, from Wanaka Airport in New Zealand. The telescope was raised to approximately 33km in altitude by NASA's 532,000-cubic-meter (18.8-million-cubic-foot) balloon and, above circa 99.5 percent of the Earth's atmosphere, it spent over a month circumnavigating the globe and acquiring observations of astronomical objects. The plan had been for the payload to transmit its data to the ground using SpaceX's Starlink constellation and the US Tracking and Data Relay Satellite System (TDRSS). However, the Starlink connection went down soon after launch, on May 1, and the TDRSS connection became unstable on May 24. The boffins decided to attempt a landing on May 25 due to poor communications and concerns the balloon might be pulled away from further land crossings by weather.

The telescope itself was destroyed during the landing; it was dragged along the ground for 3km by a parachute that failed to detach, leaving a trail of debris in its wake. Miraculously, though, SuperBIT's solid-state drive was recovered intact. However, other than as a reference, its data was not needed thanks to the inclusion of Raspberry Pi-powered hardware in the form of four Data Recovery System (DRS) capsules. Each capsule included a Raspberry Pi 3B and 5TB of solid-state storage. A parachute, a Global Navigation Satellite System (GNSS) receiver, and an Iridium short-burst data transceiver were also included so the hardware could report its location to the recovery team. The capsules were connected to the main payload via Ethernet, and 24V DC was also available.

The plan had been to release the first DRS capsule on day 40, and then another every 20 days after that, whenever SuperBIT passed over land. However, when it became clear that SuperBIT would have to come down on May 25, it was decided to drop two DRS capsules over Argentina's Santa Cruz Province. Both of the DRS capsules released were recovered from their reported locations -- a curious cougar apparently nosed around one of them without causing damage -- and the data was fully intact. Of the unreleased DRS capsules, one failed for unknown reasons at launch -- the team speculated that perhaps a cable came loose -- but the other also contained an intact data set.

Security

In a First, Cryptographic Keys Protecting SSH Connections Stolen in New Attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. ArsTechnica: Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel.

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons -- most notably because most SSH software in use has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS -- or Transport Layer Security -- protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers -- meaning adversaries simply observing traffic as it goes by -- couldn't see some of the necessary information when the errors happened.
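The countermeasure the article refers to is the verify-before-send check (commonly credited to Lenstra): after computing an RSA-CRT signature, the signer verifies it with the public key and refuses to emit it if the check fails. The following added example (not the researchers' code, not any SSH implementation) shows why that check is load-bearing: a single fault in the mod-q half of a CRT signature leaves a value that is still correct mod p, so gcd(s^e - m, N) hands over one prime factor to anyone who sees the faulty signature together with the signed message. Assumptions: two Mersenne primes far too small for real use, and a bare SHA-256 digest in place of the PKCS#1 encoding SSH actually signs.

```python
import hashlib
from math import gcd

# Constructed toy key: Mersenne primes keep the demo fast. Never use such sizes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # q^-1 mod p for Garner recombination


def _digest(msg: bytes) -> int:
    """Stand-in for the padded message representative; here just SHA-256 mod N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_crt(msg: bytes, inject_fault: bool = False) -> int:
    """RSA-CRT signing. inject_fault simulates a computational error in the
    mod-q half, the kind of naturally occurring glitch the article describes."""
    m = _digest(msg)
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if inject_fault:
        sq ^= 1                     # one flipped bit in the q-half result
    h = (QINV * (sp - sq)) % P
    return sq + Q * h               # s == sp (mod p), s == sq (mod q)


def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest(msg)


def sign_checked(msg: bytes, inject_fault: bool = False) -> int:
    """The countermeasure: verify with the public key before releasing.
    A faulty signature never leaves the signer."""
    sig = sign_crt(msg, inject_fault)
    if not verify(msg, sig):
        raise RuntimeError("signature fault detected; signature withheld")
    return sig


def recover_factor(msg: bytes, sig: int):
    """What one released faulty signature gives an observer who also knows
    the message: s^e - m is 0 mod p but not mod q, so the gcd isolates p.
    Returns None for a correct signature (gcd is N itself)."""
    f = gcd((pow(sig, E, N) - _digest(msg)) % N, N)
    return f if 1 < f < N else None


if __name__ == "__main__":
    msg = b"constructed SSH key-exchange transcript"
    good = sign_crt(msg)
    print("valid signature verifies:", verify(msg, good))
    bad = sign_crt(msg, inject_fault=True)
    print("faulty signature verifies:", verify(msg, bad))
    print("factor recovered from faulty signature:", recover_factor(msg, bad) == P)
    try:
        sign_checked(msg, inject_fault=True)
    except RuntimeError as err:
        print("checked signer:", err)
```

The check costs one public-key exponentiation per signature, which is why it has been standard for decades; the article's finding is that some SSH implementations in the wild still skipped it, and that an observer could, contrary to earlier assumptions, reconstruct enough of the signed message to run the gcd step.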
Privacy

WhatsApp Now Lets You Hide Your IP Address During Calls (macrumors.com)

Tim Hardwick reports via MacRumors: WhatsApp has introduced a new privacy feature that lets you hide your IP address from whoever you call over the encrypted communications platform. As it stands, one-to-one calls over WhatsApp are established as a direct peer-to-peer connection between users. While this ensures the best possible voice quality, it means the connected devices must reveal their IP addresses to each other. According to WhatsApp, the new privacy setting introduced today works differently by relaying all of your calls through WhatsApp's servers to obfuscate your location, rather than connecting you directly to the person you are calling.

Meta engineers elaborated on the feature in a blog post: "Most calling products people use today have peer-to-peer connections between participants. This direct connection allows for faster data transfers and better call quality, but it also means that participants need to know each other's IP addresses so that call data packets can be delivered to the correct device -- meaning that the IP addresses are visible to both callers on a 1:1 call. IP addresses may contain information that some of our most privacy-conscious users are mindful of, such as broad geographical location or internet provider. To address this concern, we introduced a new feature on WhatsApp that allows you to protect your IP address during calls. With this feature enabled, all your calls will be relayed through WhatsApp's servers, ensuring that other parties in the call cannot see your IP address and subsequently deduce your general geographical location."
WhatsApp notes that call quality might be reduced as a result of using the new setting. The feature can be enabled under "Advanced" privacy settings in the app.
Cloud

Matic's Robot Vacuum Maps Spaces Without Sending Data To the Cloud (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A relatively new venture founded by Navneet Dalal, an ex-Google research scientist, Matic, formerly known as Matician, is developing robots that can navigate homes to clean "more like a human," as Dalal puts it. Matic today revealed that it has raised $29.5 million, inclusive of a $24 million Series A led by a who's who of tech luminaries, including GitHub co-founder Nat Friedman, Stripe co-founders John and Patrick Collison, Quora CEO Adam D'Angelo and Twitter co-founder and Block CEO Jack Dorsey.

Dalal co-founded Matic in 2017 with Mehul Nariyawala, previously a lead product manager at Nest, where he oversaw Nest's security camera portfolio. [...] Early on, Matic focused on building robot vacuums -- but not because Dalal, who serves as the company's CEO, saw Matic competing with the iRobots and Ecovacs of the world. Rather, floor-cleaning robots provided a convenient means to thoroughly map indoor spaces, he and Nariyawala believed. "Robot vacuums became our initial focus due to their need to cover every inch of indoor surfaces, making them ideal for mapping," Dalal said. "Moreover, the floor-cleaning robot market was ripe for innovation." [...] "Matic was inspired by busy working parents who want to live in a tidy home, but don't want to spend their limited free time cleaning," Dalal said. "It's the first fully autonomous floor cleaning robot that continuously learns and adapts to users' cleaning preferences without ever compromising their privacy."

There are a lot of bold claims in that statement. But on the subject of privacy, Matic does indeed -- or at least claims to -- ensure data doesn't leave a customer's home. All processing happens on the robot (on hardware "equivalent to an iPhone 6," Dalal says), and mapping and telemetry data is saved locally, not in the cloud, unless users opt in to sharing. Matic doesn't even require an internet connection to get up and running -- only a smartphone paired over a local Wi-Fi network. The Matic vacuum understands an array of voice commands and gestures for fine-grained control. And -- unlike some robot vacuums in the market -- it can pick up cleaning tasks where it left off in the event that it's interrupted (say, by a wayward pet). Dalal says that Matic can also prioritize areas to clean depending on factors like the time of day and nearby rooms and furniture.
Dalal insists that all this navigational lifting can be accomplished with cameras alone. "In order to run all the necessary algorithms, from 3D depth to semantics to ... controls and navigation, on the robot, we had to vertically integrate and hyper-optimize the entire codebase," Dalal said, "from the modifying kernel to building a first-of-its-kind iOS app with live 3D mapping. This enables us to deliver an affordable robot to our customers that solves a real problem with full autonomy."

The robot won't be cheap. It starts at $1,795 but will be available for a limited time at a discounted price of $1,495.
The Courts

Judge Pares Down Artists' AI Copyright Lawsuit Against Midjourney, Stability AI

Blake Brittain reports via Reuters: A judge in California federal court on Monday trimmed a lawsuit by visual artists who accuse Stability AI, Midjourney and DeviantArt of misusing their copyrighted work in connection with the companies' generative artificial intelligence systems. U.S. District Judge William Orrick dismissed some claims from the proposed class action brought by Sarah Andersen, Kelly McKernan and Karla Ortiz, including all of the allegations against Midjourney and DeviantArt. The judge said (PDF) the artists could file an amended complaint against the two companies, whose systems utilize Stability's Stable Diffusion text-to-image technology.

Orrick also dismissed McKernan and Ortiz's copyright infringement claims entirely. The judge allowed Andersen to continue pursuing her key claim that Stability's alleged use of her work to train Stable Diffusion infringed her copyrights. "Even Stability recognizes that determination of the truth of these allegations -- whether copying in violation of the Copyright Act occurred in the context of training Stable Diffusion or occurs when Stable Diffusion is run -- cannot be resolved at this juncture," Orrick said.

Orrick agreed with all three companies that the images the systems actually created likely did not infringe the artists' copyrights. He allowed the claims to be amended but said he was "not convinced" that allegations based on the systems' output could survive without showing that the images were substantially similar to the artists' work. The judge also dismissed other claims from the artists, including that the companies violated their publicity rights and competed with them unfairly, with permission to refile. Orrick dismissed McKernan and Ortiz's copyright claims because they had not registered their images with the U.S. Copyright Office, a requirement for bringing a copyright lawsuit.
Security

Ukrainian Hackers and Intel Officers Partner Up In Apparent Hack of a Top Russian Bank (npr.org)

An anonymous reader quotes a report from NPR: Two Ukrainian hacktivist groups are claiming to have broken into Russia's largest private bank, Alfa-Bank. In a blog post last week, the hackers from groups called KibOrg and NLB shared screenshots of what appears to be an internal database belonging to Alfa-Bank, as well as personal details of several Russian individuals as "confirmation" of the breach. Within the database, the hackers say there are over 30 million records including names, birthdates, account numbers and phone numbers of Russian customers.

Adding some legitimacy to those claims, a Ukrainian intelligence official who requested anonymity to discuss the sensitive operation confirmed to NPR that Ukraine's top counterintelligence agency, the SBU, helped the hacktivists breach Alfa-Bank. The official did not share additional details about how the SBU participated or any further plans for sharing the stolen data. Ukrainian journalists including from cybersecurity website The Record previously reported on the connection to the SBU. While the hacktivists did not immediately respond to a request to discuss the breach, they wrote in the blog post -- posted on their own site -- that they would be sharing the data obtained from Alfa-Bank with investigative journalists. Alfa-Bank has not publicly responded to the news of the hack.

Sony

New PS5's Optional Disc Drive Requires an Internet Connection To Connect (videogameschronicle.com)

The upcoming optional disc drive for the PlayStation 5 will require an internet connection to pair it to a console for the first time. From a report: As spotted on the back of the box for the upcoming Call of Duty Modern Warfare 3 PS5 slim bundle, small print confirms that players who purchase the new model with the optional drive will be required to connect to the internet when pairing it to a machine for the first time. It's likely that this is a security measure in order to ensure that the disc drive is a legitimate one and not a third party. However, it has raised some preservation concerns.
Microsoft

To 'Evolve' Windows Authentication, Microsoft Wants to Eventually Disable NTLM in Windows 11 (neowin.net)

An anonymous reader shared this report from Neowin: The various versions of Windows have used Kerberos as its main authentication protocol for over 20 years. However, in certain circumstances, the OS has to use another method, NTLM (NT LAN Manager). Today, Microsoft announced that it is expanding the use of Kerberos, with the plan to eventually ditch the use of NTLM altogether.

In a blog post, Microsoft stated that NTLM continues to be used by some businesses and organizations for Windows authentication because it "doesn't require local network connection to a Domain Controller." It also is "the only protocol supported when using local accounts" and it "works when you don't know who the target server is." Microsoft states:

These benefits have led to some applications and services hardcoding the use of NTLM instead of trying to use other, more modern authentication protocols like Kerberos. Kerberos provides better security guarantees and is more extensible than NTLM, which is why it is now a preferred default protocol in Windows. The problem is that while businesses can turn off NTLM for authentication, those hardwired apps and services could experience issues. That's why Microsoft has added two new authentication features to Kerberos.

Microsoft's blog post calls it "the evolution of Windows authentication," arguing that "As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges..." So, "our team is building new features for Windows 11."
  • Initial and Pass Through Authentication Using Kerberos, or IAKerb, "a public extension to the industry standard Kerberos protocol that allows a client without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight."
  • A local Key Distribution Center (KDC) for Kerberos, "built on top of the local machine's Security Account Manager so remote authentication of local user accounts can be done using Kerberos."
  • "We are also fixing hard-coded instances of NTLM built into existing Windows components... shifting these components to use the Negotiate protocol so that Kerberos can be used instead of NTLM... NTLM will continue to be available as a fallback to maintain existing compatibility."
  • "We are also introducing improved NTLM auditing and management functionality to give your organization more insight into your NTLM usage and better control for removing it."

"Reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11. We are taking a data-driven approach and monitoring reductions in NTLM usage to determine when it will be safe to disable."
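Microsoft's plan is explicitly data-driven: disable NTLM once usage has dropped. Before the promised auditing features ship, the data an administrator already has is the Security log, where each successful logon (event 4624) records its Authentication Package and, for Negotiate logons that fell back to NTLM, the negotiated Package Name. The following added example (not Microsoft's tooling, not from the Neowin article) tallies NTLM logons by account and source from a handful of constructed 4624 records in the log's message layout, which is exactly the inventory of "hardwired apps and services" one needs before turning NTLM off.

```python
import re
from collections import Counter

# Constructed records mimicking the message layout of Security event 4624.
# Names and addresses are made up for the demo.
SAMPLE_4624 = [
    "Logon Type: 3\nNew Logon:\n\tAccount Name: svc_backup\n\tAccount Domain: CORP\n"
    "Network Information:\n\tSource Network Address: 10.0.0.25\n"
    "Detailed Authentication Information:\n\tLogon Process: NtLmSsp\n"
    "\tAuthentication Package: NTLM\n\tPackage Name (NTLM only): NTLM V2",
    "Logon Type: 3\nNew Logon:\n\tAccount Name: alice\n\tAccount Domain: CORP\n"
    "Network Information:\n\tSource Network Address: 10.0.0.31\n"
    "Detailed Authentication Information:\n\tLogon Process: Kerberos\n"
    "\tAuthentication Package: Kerberos\n\tPackage Name (NTLM only): -",
    "Logon Type: 3\nNew Logon:\n\tAccount Name: svc_backup\n\tAccount Domain: CORP\n"
    "Network Information:\n\tSource Network Address: 10.0.0.25\n"
    "Detailed Authentication Information:\n\tLogon Process: NtLmSsp\n"
    "\tAuthentication Package: NTLM\n\tPackage Name (NTLM only): NTLM V1",
    # Negotiate that fell back to NTLM: the fallback the article says will remain.
    "Logon Type: 3\nNew Logon:\n\tAccount Name: localadmin\n\tAccount Domain: FILESRV2\n"
    "Network Information:\n\tSource Network Address: 10.0.0.40\n"
    "Detailed Authentication Information:\n\tLogon Process: NtLmSsp\n"
    "\tAuthentication Package: Negotiate\n\tPackage Name (NTLM only): NTLM V2",
]


def _field(text: str, name: str) -> str:
    """Return the value following 'name:' on its line, or '-' if absent."""
    m = re.search(re.escape(name) + r":[ \t]*(.+)", text)
    return m.group(1).strip() if m else "-"


def parse_4624(text: str) -> dict:
    return {
        "account": _field(text, "Account Name"),
        "domain": _field(text, "Account Domain"),
        "source": _field(text, "Source Network Address"),
        "auth_package": _field(text, "Authentication Package"),
        "ntlm_version": _field(text, "Package Name (NTLM only)"),
    }


def is_ntlm(rec: dict) -> bool:
    """NTLM either chosen directly or negotiated as the fallback."""
    return rec["auth_package"] == "NTLM" or rec["ntlm_version"].startswith("NTLM")


def ntlm_usage(events) -> Counter:
    """Count NTLM logons per (account, source) to find the hardcoded consumers."""
    return Counter(
        (r["account"], r["source"]) for r in map(parse_4624, events) if is_ntlm(r)
    )


def ntlm_v1_sources(events) -> set:
    """NTLMv1 is the weakest variant and the first thing to retire."""
    return {
        r["source"] for r in map(parse_4624, events) if r["ntlm_version"] == "NTLM V1"
    }


def ntlm_fraction(events) -> float:
    recs = [parse_4624(e) for e in events]
    return sum(is_ntlm(r) for r in recs) / len(recs) if recs else 0.0


if __name__ == "__main__":
    for (account, source), n in ntlm_usage(SAMPLE_4624).most_common():
        print(f"{account:<12} from {source:<12} NTLM logons: {n}")
    print("NTLMv1 sources:", sorted(ntlm_v1_sources(SAMPLE_4624)))
    print(f"NTLM share of logons: {ntlm_fraction(SAMPLE_4624):.0%}")
```

The same parse works on records exported from Event Viewer or collected centrally; the Negotiate-plus-"NTLM V2" case is the one to watch, since it identifies clients that asked for Kerberos and did not get it, which is where IAKerb and the local KDC are meant to help.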
Medicine

Woman's Experimental Bionic Hand Passes Major Test

Ed Cara reports via Gizmodo: Scientists appear to have developed a hand prosthetic that provides much more control and comfort than those available today. In new research this week, they've detailed the case of a Swedish woman who has successfully worn the advanced bionic limb for years with no major issues, while experiencing significantly less pain than before. The woman, identified as Karin, suffered a farming injury that took much of her right arm below the elbow over 20 years ago. Like many amputees, Karin went on to develop phantom limb pain, which required her to take high doses of medication to manage. She also benefited little from conventional prosthetics, finding them too unwieldy to use for daily life. But several years ago, Karin became one of the first patients enrolled in the DeTOP project, an expansive research study funded by the European Union and involving dozens of scientists across Europe that's looking to develop the next generation of bionic limbs.

Karin's prosthesis was created by the Italian company Prensilia and is nicknamed Mia Hand. It's outfitted with state-of-the-art technology, including AI. And to further improve its functionality, her surgeons performed osseointegration during the attachment procedure, a process that directly fuses bone to the implant, ideally creating a stronger mechanical connection. They also implanted electrodes in her arm muscles and nerves, as well as rewired some of her nerves in the remaining part of the arm. The result is a robotic limb that's directly connected to Karin's neuromusculoskeletal system.

Much like a real flesh-and-blood hand, it's controlled by Karin's nervous system and provides sensory feedback. Her new hand can purportedly perform around 80% of the typical daily tasks that a regular limb would be able to do. And it's substantially reduced her phantom limb pain and the need for medication. The team's findings on Mia Hand's initial success are published in the journal Science Robotics. Karin is one of three patients enrolled in the DeTOP project. And while it may take time for the research on these patients to reach completion, the hope is that these prosthetics can eventually become the new standard for upper limb amputees. For Karin, it's already been a tremendous gift.
Android

Android Devices With Backdoored Firmware Found In US Schools (securityweek.com)

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says.

Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP).

One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Crime

Hundreds of US Schools Hit By Potentially Organized Swatting Hoaxes, Report Says (arstechnica.com) 60

An anonymous reader quotes a report from Ars Technica: Within the past year, there have been approximately five times more school shooting hoaxes called in to police than actual school shootings reported in 2023. Where data from Everytown showed "at least 103 incidents of gunfire on school grounds" in 2023, The Washington Post recently uncovered what seems to be a coordinated campaign of active shooter hoaxes causing "swattings" -- where police respond with extreme force to fake crimes -- at more than 500 schools nationwide over the past year. In just one day in February, "more than 30 schools were targeted," The Post reported.

The Post "examined police reports, emergency call recordings, body-camera footage, or call logs in connection with incidents in 24 states," which seemed to reveal a "distinct pattern" potentially linking swatting hoaxes nationwide. A man who "speaks with a heavy accent" -- and possibly uses a device or app to alter his voice in real time -- relies on a virtual private network (VPN) to mask his IP address, then places the hoax calls on non-emergency lines using free Internet-calling services. He frequently pretends to be a teacher hiding from the fake shooter on campus and sometimes falsely reports student shootings. To some law enforcement officials, the voice sounds too similar from call to call to be chalked up to coincidence. The Post stitched together audio that shows why many authorities believe these hoax calls might be coming from the same caller, whose motivations are currently unknown. It's possible the hoax calls are being orchestrated by one person with a hostile compulsion or by one or several perpetrators advertising swatting services available for hire online. [...]

According to The Post, the FBI has been investigating this string of school shooting hoaxes, but it's unclear how far that investigation has gotten -- mostly because tracing the hoax calls has perplexed many law enforcement agencies nationwide. Tracing calls is difficult partly because many VPN providers outside the US don't always cooperate with law enforcement, and some of the most popular free Internet-calling services only require an email address to sign up. However, The Post reported that it has increasingly become clear to law enforcement that one particular Internet-calling service appears to be the most popular choice for hoax callers reporting school shootings: TextNow. One police captain in Louisiana, Shannon Mack -- who is described as specializing in "cases involving Internet-based phone services" -- told The Post that "nine times out of 10," hoax calls she has investigated have come from a TextNow number.

Communications

A New Satellite Outshines Some of the Brightest Stars in the Sky (nytimes.com) 41

Becky Ferreira writes via the New York Times: Last November, a satellite in low-Earth orbit unfurled into an expansive array that extends across nearly 700 square feet, about the size of a studio apartment. The satellite, BlueWalker 3, has since become one of the brightest objects in the sky, outshining some of the most radiant stars in the Milky Way, according to a study published on Monday in Nature -- and it is just the first of dozens of similar satellites that are in development by AST SpaceMobile, a company that aims to keep smartphones connected from orbit. "The issue is not necessarily that one satellite," said Siegfried Eggl, an astrophysicist at the University of Illinois, Urbana-Champaign and an author of the new study, "but that it is a predecessor or prototype of a constellation, so there's going to be a lot of those out there eventually."

Initially launched in September 2022, BlueWalker 3 is the forerunner of AST SpaceMobile's BlueBird satellites, which aim to serve as a network of orbital cell towers with the goal "to democratize access to knowledge and information regardless of where people live and work," a spokesperson for AST SpaceMobile said. Last month, BlueWalker 3 successfully relayed its first 5G connection to a smartphone in a cellular coverage gap on Earth. AST SpaceMobile is one of many companies racing to capture the surging demand for global broadband connectivity. "At the moment, there are 18 constellations that we know are planned all over the world," Dr. Eggl said. "The total number of satellites is a stunning half a million that people are planning to put up there. This is 100 times more than we already have."

AST SpaceMobile made BlueWalker 3's array so large in order to beam strong cellular coverage directly to phones on Earth. The satellite is made of many small antennas that can connect existing smartphones, which is an approach that distinguishes the company from Starlink and other planned constellations that currently rely on ground antennas or dishes. [...] AST SpaceMobile said that it was working with astronomers on techniques to reduce disruptions. It also contrasted the number in its constellation with the tens of thousands planned by other companies. The spokesperson said it could "provide substantial global coverage with around 90 satellites." Though BlueBird satellites would be far fewer in number, they are at least 64 times as big and bright as a Starlink satellite. The SpaceX orbiters are also brightest in the days after their deployment, but they become much fainter once they settle into their target orbits. Astronomers expect that the BlueBird satellites will remain bright in the sky throughout most of their lifetime. As a consequence, one of these satellites could interfere with data captured by astronomical observatories.

IT

Millions of Digital Nomads are Traveling the World -- and Sometimes Working at Night (yahoo.com) 68

"Almost 17 million U.S. employees describe themselves as digital nomads," reports Bloomberg, "more than double the pre-pandemic number, according to MBO Partners, a firm that connects companies with freelance talent."

Bloomberg says one worker sees their lifestyle as less of a vacation and "more about forming a genuine connection with a place and the people who live there." [T]he abrupt shift to remote work during the pandemic pulled what was long an idle fantasy for many into the realm of the possible... The trend of longer work-leisure trips has accelerated as pent-up demand for international travel has boomed after years of restrictions. That's giving some digital nomads a bad reputation for driving up prices and trampling local culture in popular vacation destinations, but it hasn't slowed them down. Dozens of countries are marketing a new class of visas to these professionals to compete for tourism dollars. And despite many highly publicised return-to-office announcements in recent months, some degree of remote work remains a fixture at most companies.
"You hear stories all the time like, 'I went skydiving before I started my workday,'" one digital nomad told Bloomberg. They're participating in Remote Year, which Bloomberg describes as "a program that functions like a kind of study abroad trip for working adults."

But here's the catch. Because they're working in distant timezones, many far-flung remote workers "work a split shift, logging on for a few hours in the evening through midnight, before taking a few hours to sleep and then waking up to log back on for another round." Tue Le, chief executive officer of Remote Year, estimates that somewhere around 15% of program participants traveling in Asia keep strict U.S. hours by staying up overnight. Roughly another third work flexible hours with a mix of evenings or early mornings to collaborate with coworkers back home.
While it may be challenging, one digital nomad took naps as needed — offering this advice. "Don't let people nap-shame you."
Sci-Fi

Could 'The Creator' Change Hollywood Forever? (indiewire.com) 96

At the beginning of The Creator a narrator describes AI-powered robots that are "more human than human." From the movie site Looper: It's in reference to the novel "Do Androids Dream of Electric Sheep?" by Philip K. Dick, which was adapted into the seminal sci-fi classic, "Blade Runner." The phrase is used as the slogan for the Tyrell Corporation, which designs the androids that take on lives of their own. The saying perfectly encapsulates the themes of "Blade Runner" and, by proxy, "The Creator." If a machine of sufficient intelligence is indistinguishable from humans, then shouldn't it be considered on equal footing as humanity?
The Huffington Post calls it "the pro-AI movie we don't need right now" — but they also praise it as "one of the most astonishing sci-fi theatrical experiences this year." Variety notes the film was co-written and directed by Gareth Edwards (director of the 2014 version of Godzilla and the Star Wars prequel Rogue One), working with Oscar-winning cinematographer Greig Fraser (Dune) after the two collaborated on Rogue One. But what's unique is the way they filmed it: adding visual effects "almost improvisationally afterward.

"Achieving this meant shooting sumptuous natural landscapes in far-flung locales like Thailand or Tibet and building futuristic temples digitally in post-production..."

IndieWire gushes that "This movie looks fucking incredible. To a degree that shames most blockbusters that cost three times its budget." They call it "a sci-fi epic that should change Hollywood forever." Once audiences see how "The Creator" was shot, they'll be begging Hollywood to close the book on blockbuster cinema's ugliest and least transportive era. And once executives see how much (or how little) "The Creator" was shot for, they'll be scrambling to make good on that request as fast as they possibly can.

Say goodbye to $300 million superhero movies that have been green-screened within an inch of their lives and need to gross the GDP of Grenada just to break even, and say hello — fingers crossed — to a new age of sensibly budgeted multiplex fare that looks worlds better than most of the stuff we've been subjected to over the last 20 years while simultaneously freeing studios to spend money on the smaller features that used to keep them afloat. Can you imagine...? How ironic that such fresh hope for the future of hand-crafted multiplex entertainment should come from a film so bullish and sanguine at the thought of humanity being replaced by A.I [...]

The real reason why "The Creator" is set in Vietnam (and across large swaths of Eurasia) is so that it could be shot in Vietnam. And in Thailand. And in Cambodia, Nepal, Indonesia, and several other beautiful countries that are seldom used as backdrops for futuristic science-fiction stories like this one. This movie was born from the visual possibilities of interpolating "Star Wars"-like tech and "Blade Runner"-esque cyber-depression into primordially expressive landscapes. Greig Fraser and Oren Soffer's dusky and tactile cinematography soaks up every inch of what the Earth has to offer without any concession to motion capture suits or other CGI obstructions, which speaks to the truly revolutionary aspect of this production: Rather than edit the film around its special effects, Edwards reverse-engineered the special effects from a completed edit of his film... Instead of paying a fortune to recreate a flimsy simulacrum of our world on a computer, Edwards was able to shoot the vast majority of his movie on location at a fraction of the price, which lends "The Creator" a palpable sense of place that instantly grounds this story in an emotional truth that only its most derivative moments are able to undo... [D]etails poke holes in the porous border that runs between artifice and reality, and that has an unsurprisingly profound effect on a film so preoccupied with finding ghosts in the shell. Can a robot feel love? Do androids dream of electric sheep? At what point does programming blur into evolution...?

[T]he director has a classic eye for staging action, that he gives his movies room to breathe, and that he knows that the perfect "Kid A" needle-drop (the album, not the song) can do more for a story about the next iteration of "human" life than any of the tracks from Hans Zimmer's score... [T]here's some real cognitive dissonance to seeing a film that effectively asks us to root for a cuter version of ChatGPT. But Edwards and Weitz's script is fascinating for its take on a future in which people have programmed A.I. to maintain the compassion that our own species has lost somewhere along the way; a future in which technology might be a vessel for humanity rather than a replacement for it; a future in which computers might complement our movies rather than replace our cameras.

Social Networks

Indonesia To Ban Purchases On Social Media Like TikTok (cnbc.com) 5

Indonesia said it will bar social media companies from allowing transactions and doubling as e-commerce platforms -- all to prevent misuse of public data. "This means that users in Indonesia cannot buy or sell products and services on TikTok and Facebook," reports CNBC. From the report: In a media conference Monday, Minister of Trade Zulkifli Hasan said that "the connection [between social media and e-commerce] must be separated so that the algorithm is not all controlled" and this "prevents the use of personal data" for business purposes. Indonesia also said it would regulate which overseas goods can be sold, adding these products would receive the same treatment as offline domestic goods. The move comes as foreign goods become increasingly available in Indonesia through social media platforms. "Social commerce was born to solve a real world problem for local traditional small sellers, by matching them with local creators who can help drive traffic to their online shops," a TikTok spokesperson said in response to the move.

"While we respect local laws and regulations, we hope that the regulations take into account its impact on the livelihoods of more than 6 million sellers and close to 7 million affiliate creators who use TikTok Shop."
