Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com) 166

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Businesses

Are 'Zoom Towns' Making Housing Less Affordable? (pewtrusts.org) 82

The CFO of a vacation-rental management company recently told Oregon Public Broadcasting that 20% of people renting a vacation home did so for the first time during the pandemic.

The nonprofit state policy news site Stateline sees a larger trend: Even before the pandemic, the destination towns of the West had a shortage of affordable housing. Limited supply, the remote nature of some of the communities, zoning restrictions and even short construction seasons all contributed.

But the COVID-19 pandemic accelerated everything, including the rise of so-called Zoom towns. Freed from physical offices, suddenly people could live, work and recreate in the vacation communities of the West, with few needs beyond a high-speed internet connection to do jobs that formerly required their presence in major cities. It also in recent years became much easier for owners of second homes to list vacancies with internet-based property firms that promise a steady cash flow in places with seasonal, tourism-based economies. When those homes enter the short-term vacation rental pool, they're no longer available to the local workforce. Brian Chesky, Airbnb's CEO, said recently that about one-fifth of the company's business by room nights is now stays of 30 days or more. People are booking longer stays that combine work and leisure, an area the company sees as full of potential growth...

There are few statewide efforts to address the effects of short-term rentals; some states, such as Idaho, outright prohibit local governments from enacting bans.... In general, the vacation rental industry also fights efforts to enact short-term moratoriums or bans...

[F]ew popular tourist communities in the West have enough affordable options for the staff necessary to run a vacation destination in peak season. In Montana, people who can't afford the rent in some tourist towns have been camping more regularly on public lands in the vicinity, encroaching on grizzly territory. The housing shortage has led directly to more encounters between bears and people, said Bill Avey, a National Forest supervisor in the region. In Whitefish, a gateway to Montana's Glacier National Park, the lack of affordable workforce housing in 2021 forced nearly all food- or beverage-related businesses to curtail hours or close at least one day a week at the height of the summer tourist season, said Lauren Oscilowski, who owns the Spotted Bear Spirits distillery. Over the past year, about half the people on her 11-person team have been forced to move because their landlords decided to turn their housing into more lucrative short-term rentals.

"There's this national thing where hospitality people aren't returning to hospitality because the wages are too low, or they're sick of dealing with the public or whatever it is," Oscilowski said. "But that's just a piece of it. The bigger piece for us is really housing...."

The Internet

Washington State To Require Internet Service Disclosure When Selling House in New Year (cnet.com) 64

It's hard to imagine home life without the internet, particularly amid the coronavirus pandemic. Now a law going into effect in Washington state is acknowledging that. CNET News: Starting in the new year, home sellers in Washington will be required to share their internet provider on signed disclosure forms that include information about plumbing, insulation and structural defects. "Does the property currently have internet service?" the disclosure form will now ask, along with a space to say who the provider is. The law doesn't require sellers to detail access speeds, quality or alternative providers. The new disclosure is the latest in an array of efforts by lawmakers across the country to respond to our increasing reliance on home internet connectivity for work, education and entertainment. That internet connection has become even more critical during the COVID-19 pandemic, which has upended the lives of billions of people, forcing quarantines and lockdowns as people adjust to a new normal of daily life.

NASA

NASA-funded Program Recruited Religious Experts To Predict How Humans May React To Aliens (thehill.com) 114

Two dozen theologians participated in a program funded partially by NASA to research how humans may react to news that intelligent life exists on other planets, according to one religious scholar who says he was recruited. From a report: The Rev. Dr. Andrew Davison, of the University of Cambridge, told the Times UK in a recent interview that he was among 23 other theologians in a NASA-sponsored program at the Center for Theological Inquiry at Princeton University from 2016 to 2017. Davison said he and his colleagues examined how each of the world's major religions would likely respond if they were made aware of the existence of aliens. His own work focused on the connection between astrobiology and Christian theology. Will Storrar, director of the CTI, said NASA wanted to see "serious scholarship being published in books and journals" addressing the "profound wonder and mystery and implication of finding microbial life on another planet," the Times reported.

[...] NASA's Astrobiology program provided partial funding through a grant to the CTI in 2015, with the agency-funded portion of the project concluding in 2017, a NASA spokesperson confirmed to Changing America. NASA was not directly involved in the selection of researchers for the study.

Transportation

Toyota 'Reviewing' Key Fob Remote Start Subscription Plan After Massive Blowback (thedrive.com) 154

An anonymous reader shares a report: Earlier this month, we broke a story about Toyota locking its key fob remote start function behind a monthly subscription. If owners of certain models aren't actively enrolled in a larger Toyota connected services plan, the proximity remote start function on the fob -- that is, when you press the lock button three times to start the car while outside of it -- will not work even though it sends the signal directly to the car. Obviously, this sent people into a frenzy whether they own a Toyota or not, because it was seen as a dark harbinger of the perils of fully-connected cars. Automakers now have the ability to nickel and dime people to death by charging ongoing subscription fees for functions that used to be a one-and-done purchase, and it looked like Toyota was hopping on the bandwagon.

At the time, Toyota declined to give us a detailed answer on why it chose to take a feature that doesn't need an internet connection to function and moved it behind a paywall. Today, we've got answers. Toyota now claims it never intended to market the key fob remote start as a real feature, and it also says the subscription requirement was an inadvertent result of a relatively small technical decision related to the way its new vehicles are architectured. Finally, Toyota has heard the outrage over the last week -- a spokesperson told us the company was caught off guard by the blowback -- and its executive team is currently examining whether it's possible to reverse course and drop the subscription requirement for key fob remote start.

Security

Second Ransomware Family Exploiting Log4j Spotted In US, Europe (venturebeat.com) 16

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they've observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family -- which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that's been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they've observed the attempted delivery of TellYouThePass ransomware both inside and outside of China -- including in the U.S. and Europe. "Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe," said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, "and has a history of exploiting high-profile vulnerabilities like EternalBlue," said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability "in the wild to target both Windows and Linux systems." TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

Science

Imaginary Numbers Could Be Needed To Describe Reality, New Studies Find (livescience.com) 179

InfiniteZero writes: Imaginary numbers are necessary to accurately describe reality, two new studies have suggested. Imaginary numbers are what you get when you take the square root of a negative number, and they have long been used in the most important equations of quantum mechanics, the branch of physics that describes the world of the very small. When you add imaginary numbers and real numbers, the two form complex numbers, which enable physicists to write out quantum equations in simple terms. But whether quantum theory needs these mathematical chimeras or just uses them as convenient shortcuts has long been controversial. In fact, even the founders of quantum mechanics themselves thought that the implications of having complex numbers in their equations was disquieting. In a letter to his friend Hendrik Lorentz, physicist Erwin Schrodinger -- the first person to introduce complex numbers into quantum theory, with his quantum wave function -- wrote, "What is unpleasant here, and indeed directly to be objected to, is the use of complex numbers. [The] quantum wave function is surely fundamentally a real function."

Schrodinger did find ways to express his equation with only real numbers alongside an additional set of rules for how to use the equation, and later physicists have done the same with other parts of quantum theory. But in the absence of hard experimental evidence to rule upon the predictions of these "all real" equations, a question has lingered: Are imaginary numbers an optional simplification, or does trying to work without them rob quantum theory of its ability to describe reality? Now, two studies, published Dec. 15 in the journals Nature and Physical Review Letters, have proved Schrodinger wrong. By a relatively simple experiment, they show that if quantum mechanics is correct, imaginary numbers are a necessary part of the mathematics of our universe. "The early founders of quantum mechanics could not find any way to interpret the complex numbers appearing in the theory," lead author Marc-Olivier Renou, a theoretical physicist at the Institute of Photonic Sciences in Spain, told Live Science in an email. "Having them [complex numbers] worked very well, but there is no clear way to identify the complex numbers with an element of reality." To test whether complex numbers were truly vital, the authors of the first study devised a twist on a classic quantum experiment known as the Bell test. The test was first proposed by physicist John Bell in 1964 as a way to prove that quantum entanglement -- the weird connection between two far-apart particles that Albert Einstein objected to as "spooky action at a distance" -- was required by quantum theory.

Earth

Scientists Discover Seaweed Species That Stops Cows from Emitting Methane (cbsnews.com) 106

"Globally, methane is responsible for 30% of global warming. Of that, livestock, such as cattle, account for about one-third of all methane emissions," reports CBS News.

But researchers discovered that feeding seaweed to cattle would reduce greenhouse gases by as much as 40%, they're told by a Canadian farmer named Joe Dorgan who first discovered the connection: Digesting roughage requires extra digestion from cows and causes cows to burp more. Those burps emit methane, a heat-trapping greenhouse gas that's 80 times more potent than carbon dioxide. In a year, a cow emits as much greenhouse gas as a small car. Because animal numbers have skyrocketed to help feed a growing human population, livestock now accounts for 15% of global emissions.

The increase motivated chief scientist at Futurefeed, Rob Kinley, who worked with Dorgan on his organic certification 15 years ago, to find a seaweed species with even more methane-reducing power. "We started testing seaweeds from coastal Australia, and it wasn't long before the Asparagopsis species showed up, and it showed up in a big way. So big that we didn't even believe what we were seeing," Kinley said. "It took multiple runs of testing this before we believed what we were seeing, which was we couldn't find methane anymore." Kinley's research showed Asparagopsis, a common type of red seaweed, has the potential to virtually eliminate methane emissions from livestock.

But there are some obstacles to overcome — it's not easy to harvest from the ocean, so scientists are experimenting with farming it. Kinley's team, along with others like Josh Goldman, project leader at Greener Grazing, are getting much closer to perfecting the techniques.... Still, there's the challenge of encouraging cow owners to use the seaweed supplement. For that, Goldman says there's an incentive: adding seaweed to a cow's diet means they consume less food. And, he says, dairy farmers and cattle ranchers will likely be able to cash in, selling carbon credits for the emissions they reduce.

Eliminating almost all methane from almost all cows on Earth "would have a tremendous impact, roughly equivalent to eliminating all the emissions from the U.S., or the equivalent of taking every car off the road globally," Goldman said.

"It's clear that methane reduction from seaweed is effective in the short-term," the article concludes, "but there's some fear that its effects may diminish over time as the cows' digestive systems adapt."

Crime

Boston Police Bought Spy Tech With a Pot of Money Hidden From the Public (propublica.org) 63

An anonymous reader quotes a report from ProPublica: Across the country, some law enforcement agencies have deployed controversial surveillance technology to track cellphone location and use. Critics say it threatens constitutional rights, and members of Congress have moved to restrain its use. Nonetheless, in 2019 the Boston Police Department bought the device known as a cell site simulator -- and tapped a hidden pot of money that kept the purchase out of the public eye. A WBUR investigation with ProPublica found elected officials and the public were largely kept in the dark when Boston police spent $627,000 on this equipment by dipping into money seized in connection with alleged crimes.

Also known as a "stingray," the cell site simulator purchased by Boston police acts like a commercial cellphone tower, tricking nearby phones into connecting to it. Once the phones connect to the cell site simulator's decoy signal, the equipment secretly obtains location and other potentially identifying information. It can pinpoint someone's location down to a particular room of a hotel or house. While this briefcase-sized device can help locate a suspect or a missing person, it can also scoop up information from other phones in the vicinity, including yours. The Boston police bought its simulator device using money that is typically taken during drug investigations through what's called civil asset forfeiture.

An August investigation by WBUR and ProPublica found that even if no criminal charges are brought, law enforcement almost always keeps the money and has few limitations on how it's spent. Some departments benefit from both state and federal civil asset forfeiture. The police chiefs in Massachusetts have discretion over the money, and the public has virtually no way of knowing how the funds are used. The Boston City Council reviews the BPD annual budget, scrutinizing proposed spending. But the surveillance equipment wasn't part of the budget. Because it was purchased with civil forfeiture funds, BPD was able to circumvent the council. According to an invoice obtained by WBUR, the only city review of the purchase -- which was made with federal forfeiture funds -- came from the Procurement Department, confirming that the funds were available. In fact, it was only after sifting through hundreds of documents received through public records requests that WBUR discovered BPD had bought the device from North Carolina-based Tactical Support Equipment Inc., which specializes in surveillance technology.

Java

Security Firm Blumira Discovers Major New Log4j Attack Vector (zdnet.com) 91

Previously, one assumption about the 10 out of 10 Log4j security vulnerability was that it was limited to exposed vulnerable servers. We were wrong. The security company Blumira claims to have found a new, exciting Log4j attack vector. ZDNet reports: According to Blumira, this newly-discovered JavaScript WebSocket attack vector can be exploited through the path of a listening server on their machine or local network. An attacker can simply navigate to a website and trigger the vulnerability. Adding insult to injury, WebSocket connections within the host can be difficult to gain deep visibility into. That means it's even harder to detect this vulnerability and attacks using it. This vector significantly expands the attack surface. How much so? It can be used on services running as localhost, which are not exposed to a network. This is what we like to call a "Shoot me now" kind of problem. Oh, and did I mention? The client itself has no direct control over WebSocket connections. They can silently start when a webpage loads. Don't you love the word "silently" in this context? I know I do.

In their proof-of-concept attack, Blumira found that by using one of the many Java Naming and Directory Interface (JNDI) exploits, they could trigger via a file path URL using a WebSocket connection to machines with an installed vulnerable Log4j2 library. All that was needed to trigger success was a path request that was started on the web page load. Simple, but deadly. Making matters worse, it doesn't need to be localhost. WebSockets allow for connections to any IP. Let me repeat, "Any IP" and that includes private IP space.

Next, as the page loads, it will initiate a local WebSocket connection, hit the vulnerable listening server, and connect out over the identified type of connection based on the JNDI connection string. The researchers saw the most success utilizing Java Remote Method Invocation (RMI), default port 1099, although we are often seeing custom ports used. Simply port scanning, a technique already in the WebSocket hacker handbook, was the easiest path to a successful attack. Making detecting such attacks even harder, the company found "specific patterns should not be expected as it is easy to trigger traffic passively in the background." When an open port to a local service or a service accessible to the host is found, it can then drop the JNDI exploit string in path or parameters. "When this happens, the vulnerable host calls out to the exploit server, loads the attacker's class, and executes it with java.exe as the parent process." Then the attacker can run whatever he wants.

Blumira suggests users "update all local development efforts, internal applications, and internet-facing environments to Log4j 2.16 as soon as possible, before threat actors can weaponize this exploit further," reports ZDNet.

"You should also look closely at your network firewall and egress filtering. [...] In particular, make sure that only certain machines can send out traffic over 53, 389, 636, and 1099 ports. All other ports should be blocked." The report continues: "Finally, since weaponized Log4j applications often attempt to call back home to their masters over random high ports, you should block their access to such ports."
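The egress guidance quoted above can be checked against flow logs. The following is an added example, not code from ZDNet or Blumira: it audits constructed flow records against that policy, and the log format, the per-port allowlist, the internal address ranges and the 1024 "high port" floor are all assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport")

# Ports named in the quoted recommendation: DNS, LDAP, LDAPS, Java RMI.
RESTRICTED_PORTS = (53, 389, 636, 1099)
HIGH_PORT_FLOOR = 1024  # assumption: "high ports" = above the privileged range

# Assumption: address space treated as internal (traffic staying here is not egress).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: the "certain machines" allowed to originate egress on each port.
ALLOWED_SOURCES = {53: {"10.0.0.53"}, 389: {"10.0.0.10"},
                   636: {"10.0.0.10"}, 1099: set()}

# Constructed sample records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
# ts src dst dport
2021-12-20T10:00:01Z 10.0.0.53 198.51.100.7 53
2021-12-20T10:00:02Z 10.0.5.23 203.0.113.9 1099
2021-12-20T10:00:03Z 10.0.5.23 203.0.113.9 389
2021-12-20T10:00:04Z 10.0.5.23 10.0.0.10 389
2021-12-20T10:00:05Z 10.0.7.40 203.0.113.9 48213
2021-12-20T10:00:06Z 10.0.0.10 192.0.2.20 636
2021-12-20T10:00:07Z 10.0.7.41 192.0.2.80 25
bad line here
"""


def parse_line(line):
    """Return a Flow, or None when the record is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        flow = Flow(ts, ipaddress.ip_address(src),
                    ipaddress.ip_address(dst), int(port))
    except ValueError:
        return None
    return flow if 0 < flow.dport < 65536 else None


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Apply the quoted egress policy to one flow and return a verdict."""
    if is_internal(flow.dst):
        return "internal"            # never leaves the network
    if flow.dport in RESTRICTED_PORTS:
        allowed = ALLOWED_SOURCES.get(flow.dport, set())
        return "allow" if str(flow.src) in allowed else "deny-restricted"
    if flow.dport >= HIGH_PORT_FLOOR:
        return "deny-high-port"      # possible callback over a random high port
    return "deny-unlisted"           # "all other ports should be blocked"


def audit(log_text):
    """Return ([(flow, verdict), ...] for policy violations, malformed count)."""
    violations, malformed = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_line(line)
        if flow is None:
            malformed += 1
            continue
        verdict = classify(flow)
        if verdict.startswith("deny"):
            violations.append((flow, verdict))
    return violations, malformed


def by_source(violations):
    """Group violating destination ports by source host for triage."""
    grouped = {}
    for flow, _ in violations:
        grouped.setdefault(str(flow.src), set()).add(flow.dport)
    return {src: sorted(ports) for src, ports in grouped.items()}


if __name__ == "__main__":
    found, bad = audit(SAMPLE_FLOWS)
    for flow, verdict in found:
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} {verdict}")
    print("by source:", by_source(found), "malformed:", bad)
```

A host that shows up with outbound LDAP or RMI violations, such as 10.0.5.23 in the sample, is the one to check first for a vulnerable Log4j2 library.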

AI

DeepMind Cracks 'Knot' Conjecture That Bedeviled Mathematicians For Decades (livescience.com) 21

The artificial intelligence (AI) program DeepMind has gotten closer to proving a math conjecture that's bedeviled mathematicians for decades and revealed another new conjecture that may unravel how mathematicians understand knots. Live Science reports: The two pure math conjectures are the first-ever important advances in pure mathematics (or math not directly linked to any non-math application) generated by artificial intelligence, the researchers reported Dec. 1 in the journal Nature. [...] The first challenge was setting DeepMind onto a useful path. [...] They focused on two fields: knot theory, which is the mathematical study of knots; and representation theory, which is a field that focuses on abstract algebraic structures, such as rings and lattices, and relates those abstract structures to linear algebraic equations, or the familiar equations with Xs, Ys, pluses and minuses that might be found in a high-school math class.

In understanding knots, mathematicians rely on something called invariants, which are algebraic, geometric or numerical quantities that are the same. In this case, they looked at invariants that were the same in equivalent knots; equivalence can be defined in several ways, but knots can be considered equivalent if you can distort one into another without breaking the knot. Geometric invariants are essentially measurements of a knot's overall shape, whereas algebraic invariants describe how the knots twist in and around each other. "Up until now, there was no proven connection between those two things," [said Alex Davies, a machine-learning specialist at DeepMind and one of the authors of the new paper], referring to geometric and algebraic invariants. But mathematicians thought there might be some kind of relationship between the two, so the researchers decided to use DeepMind to find it. With the help of the AI program, they were able to identify a new geometric measurement, which they dubbed the "natural slope" of a knot. This measurement was mathematically related to a known algebraic invariant called the signature, which describes certain surfaces on knots.

In the second case, DeepMind took a conjecture generated by mathematicians in the late 1970s and helped reveal why that conjecture works. For 40 years, mathematicians have conjectured that it's possible to look at a specific kind of very complex, multidimensional graph and figure out a particular kind of equation to represent it. But they haven't quite worked out how to do it. Now, DeepMind has come closer by linking specific features of the graphs to predictions about these equations, which are called Kazhdan-Lusztig (KL) polynomials, named after the mathematicians who first proposed them. "What we were able to do is train some machine-learning models that were able to predict what the polynomial was, very accurately, from the graph," Davies said. The team also analyzed what features of the graph DeepMind was using to make those predictions, which got them closer to a general rule about how the two map to each other. This means DeepMind has made significant progress on solving this conjecture, known as the combinatorial invariance conjecture.

Networking

Comcast Reduced 'Working Latency' By 90% with AQM. Is This the Future? (apnic.net) 119

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in Linux) nowadays?

But wait — it gets even more interesting...

The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.")

But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built.

While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities!

In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors like exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

Security

FBI Says the Cuba Ransomware Gang Made $43.9 Million from Ransom Payments (therecord.media) 14

The US Federal Bureau of Investigation said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year. From a report: In a flash alert sent out on Friday, the Bureau said the Cuba gang has "compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors." The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems. Once systems are added to their botnet, Hancitor operators rent access to these systems to other criminal gangs in a classic Malware-as-a-Service model. While an April 2021 McAfee report on the Cuba ransomware found no connection between the two groups, the FBI report highlights what appears to be a new partnership between MaaS providers and ransomware gangs after other ransomware operations struck similar partnerships throughout 2020.

Security

Former Ubiquiti Dev Charged For Trying To Extort His Employer (bleepingcomputer.com) 20

Long-time Slashdot reader tinskip shares a report from BleepingComputer: Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. "As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand," U.S. Attorney Damian Williams said today. "As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistleblower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company's computer systems."

According to the indictment (PDF), Sharp stole gigabytes of confidential data from Ubiquiti's AWS (on December 10, 2020) and GitHub (on December 21 and 22, 2020) infrastructure using his cloud administrator credentials, cloning hundreds of GitHub repositories over SSH. Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage. To hide his malicious activity, Sharp also altered log retention policies and other files that would have exposed his identity during the subsequent incident investigation. "Among other things, SHARP applied one-day lifecycle retention policies to certain logs on AWS which would have the effect of deleting certain evidence of the intruder's activity within one day," the court documents read.

After Ubiquiti disclosed a security incident in January following Sharp's data theft, while working to assess the scope and remediate the security breach effects he also tried extorting the company (posing as an anonymous hacker). His ransom note demanded almost $2 million in exchange for returning the stolen files and the identification of a remaining vulnerability. The company refused to pay the ransom and, instead, found and removed a second backdoor from its systems, changed all employee credentials, and issued the January 11 security breach notification. After his extortion attempts failed, Sharp shared information with the media while pretending to be a whistleblower and accusing the company of downplaying the incident. This caused Ubiquiti's stock price to fall by roughly 20%, from $349 on March 30 to $290 on April 1, amounting to losses of over $4 billion in market capitalization.

United States

The US Crackdown on Chinese Economic Espionage is a Mess 65

The US government's China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals. Technology Review: A visiting researcher at UCLA accused of hiding his connection to China's People's Liberation Army. A hacker indicted for breaking into video game company servers in his spare time. A Harvard professor accused of lying to investigators about funding from China. And a man sentenced for organizing a turtle-smuggling ring between New York and Hong Kong. For years, the US Department of Justice has used these cases to highlight the success of its China Initiative, an effort to counter rising concerns about Chinese economic espionage and threats to US national security. Started in 2018, the initiative was a centerpiece of the Trump administration's hardening stance against China. Now, an investigation by MIT Technology Review shows that the China Initiative has strayed far from its initial mission. Instead of focusing on economic espionage and national security, the initiative now appears to be an umbrella term for cases with almost any connection to China, whether they involve state-sponsored hackers, smugglers, or, increasingly, academics accused of failing to disclose all ties to China on grant-related forms.

To date, only about a quarter of defendants charged under the initiative have been convicted, and about half of those defendants with open charges have yet to see the inside of an American courtroom. Although the program has become a top priority of US law enforcement and domestic counterintelligence efforts -- and an unusual one, as the first country-specific initiative -- many details have remained murky. The DOJ has not publicly defined the initiative or answered many basic questions about it, making it difficult to understand, let alone assess or exercise oversight of it, according to many civil rights advocates, lawmakers, and scholars. While the threat of Chinese intellectual property theft is real, critics wonder if the China Initiative is the right way to counteract it. Today, after months of research and investigation, MIT Technology Review is publishing a searchable database of 77 cases and more than 150 defendants. While likely incomplete, the database represents the most comprehensive accounting of the China Initiative prosecutions to date. Our reporting and analysis showed that the climate of fear created by the prosecutions has already pushed some talented scientists to leave the United States and made it more difficult for others to enter or stay, endangering America's ability to attract new talent in science and technology from China and around the world.
The Internet

More Than a Third of World's Population Have Never Used Internet, Says UN (theguardian.com) 55

Nearly 3 billion people -- or 37% of the world's population -- have never used the internet, according to the United Nations, despite the Covid-19 pandemic driving people online. From a report: The UN's International Telecommunication Union (ITU) estimated that 96% of the 2.9 billion people who have not accessed the web live in developing countries. The agency said the estimated number of people who have gone online rose from 4.1 billion in 2019 to 4.9 billion this year, partially due to a "Covid connectivity boost." But even among those internet users, many hundreds of millions might only go online infrequently, using shared devices or facing connection speeds that hamper their internet use.

"ITU will work to make sure the building blocks are in place to connect the remaining 2.9 billion. We are determined to ensure no one will be left behind," said the ITU secretary general, Houlin Zhao. The number of users globally grew by more than 10% in the first year of the Covid crisis -- by far the largest annual increase in a decade. The ITU cited measures such as lockdowns, school closures and the need to access services such as remote banking as having an influence.

Medicine

Princeton Team Disables Long-Targeted Gene Behind Spread of Major Cancers (newatlas.com) 55

An anonymous reader writes: The mysterious ways cancer spreads through the body, a process known as metastasis, is what can make it such a difficult enemy to keep at bay. Researchers at Princeton University working in this area have been tugging at a particular thread for more than 15 years, focusing on a single gene central to the ability of most major cancers to metastasize. They've now discovered what they describe as a "silver bullet" in the form of a compound that can disable this gene in mice and human tissue, with clinical trials possibly not too far away.

This discovery has its roots in 2004 research in which Princeton scientists identified a gene implicated in metastatic breast cancer, called metadherin, or MTDH. A 2009 paper by cancer biologist Yibin Kang then showed the gene was amplified and produced abnormally high levels of MTDH proteins in around a third of breast cancer tumors, and was central to not just the process of metastasis, but also the resistance of those tumors to chemotherapy. Subsequent research continued to shed light on the importance of the MTDH gene, demonstrating how it is critical for cancer to flourish and metastasize. Mice engineered to lack the gene grew normally, and those that did get breast cancer featured far fewer tumors -- and those tumors that did form didn't metastasize. This was then found to be true of prostate cancer, lung cancer, colorectal cancer, liver cancer and many other cancers.

The crystal structure of MTDH shows the protein has a pair of protrusions likened to fingers, which interlock with two holes in the surface of another protein called SND1. This is "like two fingers sticking into the holes of a bowling ball," according to Kang, and the scientists suspected if this intimate connection could be broken, it could go a long way to dampening the harmful effects of MTDH. "We knew from the crystal structure what the shape of the keyhole was, so we kept looking until we found the key," Kang says. The team spent two years screening for the right molecules to fill these holes without any great success, until they landed on what they say is a "silver bullet." The resulting compound plugs these voids and prevents the proteins from interlocking, with profound anti-cancer effects that resemble those seen in the MTDH-deficient mice from their earlier work.
"The scientists say that MTDH assists cancer in two primary ways, by helping tumors endure the stresses of chemotherapy and by silencing the alarm that organs normally sound when a tumor invades them," adds New Atlas. "By interlocking with the SND1 protein, it prevents the immune system from recognizing the danger signals normally generated by cancerous cells, and therefore stops it from attacking them. The team is now working to refine the compound, hoping to improve its effectiveness in disrupting the connection between MTDH and SND1 and lower the required dosage. [T]hey hope to be ready for clinical trials on human patients in two to three years."

The research has been published across two papers in the journal Nature Cancer.
Communications

SpaceX's Starlink Is Testing Internet Service for Aircraft (bloomberg.com) 46

SpaceX's Starlink unit is testing its space-based internet service with several aircraft and wants to offer in-flight connection to airlines "as soon as possible," a company vice president said. From a report: Starlink is in talks with several airlines about offering in-flight broadband connections, Jonathan Hofeller, vice president of commercial sales, said Tuesday on a panel at the Airline Passenger Experience Association gathering in Long Beach, California. That would put the company in direct competition with Viasat, Intelsat SA, Telesat and others. Starlink is producing six satellites a week at its assembly site near Seattle, Hofeller said. It is also moving to a more sophisticated version.
Businesses

Inside the Rise and Fall of Clubhouse, a Pandemic Poster Child of VC-backed Hype (businessinsider.com) 35

From a report: In May 2020, when the pandemic raged, the comedian and TV writer Marlena Rodriguez got an invite to a new app called Clubhouse that offered the homebound online masses a way to spend some of their suddenly abundant time. In the ensuing months, Rodriguez jousted in a chat room with the celebrity Ashton Kutcher, gained more than 13,000 followers, and started a party room on Fridays that frequently swelled to over 1,000 people. She wrote a play, "Once Upon a Clubhouse," and hired actors to perform it on the app. "I was in love," she said. Today, "I question why I'm even still on Clubhouse," Rodriguez said. Her Friday-night room has dwindled to about 30 people.

More than any other startup, Clubhouse epitomizes the venture-capital-backed euphoria that swept the tech industry since lockdowns shut millions of people inside and pushed them online for connection, entertainment, and information. Marc Andreessen has called the app "the Athenian agora come to life," referring to the hub of democracy in ancient Greece. It has raised more than $100m from his firm and other top VCs, garnering a $4bn valuation. But with vaccinations rising and more people returning to normal life, Clubhouse has been hit particularly hard. Daily downloads of the app have plunged more than 90% since a peak in June, while daily average users are down almost 80% since February, Apptopia data indicated. Insider interviews with creators, advertisers, VCs, and others in the tech industry show a platform struggling to build an audience and keep it. Moneymaking opportunities are also slim, which makes the app a tough sell for creators and users as there are many other options online and off.

Science

Researcher Argues Data Paints 'Big Red Flashing Arrow' Toward Wuhan Market as Covid-19 Origin (cnn.com) 371

CNN reports on researcher Michael Worobey, "who specializes in tracing the genetic evolution of viruses," who has now found "considerable evidence that the virus arose in an animal, and did not start circulating until the end of 2019." One case especially stood out — that of a 41-year-old accountant who allegedly got sick on December 8, 2019 and who had no connection to the market. The case has been cited as evidence the pandemic must not have started at the market.

Worobey found records that showed the man didn't become ill with Covid-19 until later in December and that his December 8 problem was related to his teeth.

"This is corroborated by hospital records and a scientific paper that reports his COVID-19 onset date as 16 December and date of hospitalization as 22 December," Worobey wrote in a commentary in the journal Science. That would make a seafood vendor who worked at the market and who got sick December 11, 2019, the earliest documented case, Worobey said.

Other research helped Worobey come up with a map of the earliest cases that clusters them all around the market. "That so many of the more than 100 COVID-19 cases from December with no identified epidemiologic link to Huanan Market nonetheless lived in its direct vicinity is notable and provides compelling evidence that community transmission started at the market," he wrote. "It tells us that there's a big red flashing arrow pointing at Huanan Market as the most likely place that the pandemic started," Worobey told CNN. "The virus didn't come from some other part of Wuhan and then get to Huanan market. The evidence speaks really quite strongly to the virus starting at the market and then leaking into the neighborhoods around the market...."

The journal Science subjected Worobey's research to outside scrutiny before publishing it.

Interestingly, Science also published a letter in May in which Worobey had joined 17 other scientists to urge the investigation of both the "natural origin" and "lab leak" theories. But now while he still believes the Chinese government should've investigated the lab leak theory, "holy smokes — is there a lot of evidence against it, and in favor of natural origin," Worobey tells CNN. And he's now telling the Los Angeles Times that his new research "takes the lab-leak idea almost completely off the table.... So many of the early cases were tied to this one Home Depot-sized building in a city of 11 million people, when there are thousands of other places where it would be more likely for early cases to be linked to if the virus had not started there."

Or, as he explained his research to the Washington Post, "It becomes almost impossible to explain that pattern if that epidemic didn't start there."

A virologist at Texas A&M University who was one of the coronavirus experts giving SARS-CoV-2 its name called Worobey's research "detailed and compelling," while a virologist at Tulane University also tells the Post the new research "shows beyond a shadow of a doubt that in fact the Huanan market was the epicenter of the outbreak."
