Crime

San Jose Police Announce Three Stolen Vehicles Recovered Using Automatic License Plate Reader (kron4.com) 114

Saturday night in the Silicon Valley city of San Jose, the assistant police chief tweeted out praise for their recently-upgraded Automatic License Plate Readers: "Officers in Air3 [police helicopter], monitoring the ALPR system, got alerted to 3 stolen cars. They directed ground units to the cars. All 3 drivers in custody! No dangerous vehicle pursuits occurred, nor were they needed.

2 drivers tried to run away. But, you can't outrun a helicopter!"

There's photos — one of the vehicles appears to be a U-Haul pickup truck — and the tweet drew exactly one response, from San Jose mayor Matt Mahan: "Nice job...! Appreciate the excellent police work and great to see ALPRs having an impact. Don't steal cars in San Jose!"

Some context: The San Jose Spotlight (a nonprofit local news site) noted that prior to last year license plate readers had been mounted exclusively on police patrol cars (and in use since 2006). But last year the San Jose Police Department launched a new "pilot program" with four cameras mounted at a busy intersection, that "captured nearly 300,000 plate scans in just the last month, according to city data."

By August this had led to plans for 150 more stationary ALPR cameras, a local TV station reported. "Just this week, police said they solved an armed robbery and arrested a suspected shooter thanks to the cameras." During a forum to update the community, San Jose police also mentioned success stories in other cities like Vallejo where they've reported a 100% increase in identifying stolen vehicles. San Jose is now installing hundreds around the city and the first batch is coming in the next two to three months....

The biggest concern among those attending Wednesday's virtual forum was privacy. But the city made it clear the data is only shared with trained police officers and certain city staff, no out-of-state or federal agencies. "Anytime that someone from the San Jose Police Department accesses the ALPR system, they have to input a reason, the specific plates they are looking for and all of that information is logged so that we can keep track of how many times it's being used and what it's being used for," said Albert Gehami, Digital Privacy Officer for San Jose.

More privacy concerns were raised in September, reports the San Jose Spotlight: The San Jose City Council unanimously approved a policy Tuesday that formally bans the police department from selling any license plate data, using that information for investigating a person's immigration status or for monitoring legally protected activities like protests or rallies.

Even with these new rules, some privacy advocates and community groups are still opposed to the technology. Victor Sin, chair of the Santa Clara Valley Chapter of ACLU of Northern California, expressed doubt that the readers are improving public safety. He made the comments in a letter to the council from himself and leaders of four other community organizations. "Despite claims that (automated license plate reader) systems can reduce crime, researchers have expressed concerns about the rapid acquisition of this technology by law enforcement without evidence of its efficacy," the letter reads. Groups including the Asian Law Alliance and San Jose-Silicon Valley NAACP also said the city should reduce the amount of time it keeps license plate data on file down from one year.....

Mayor Sam Liccardo said he's already convinced the readers are useful, but added the council should try to find a way to measure their effect. "It's probably not a bad idea for us to decide what are the outcomes we're trying to achieve, and if there is some reasonable metric that captures that outcome in a meaningful way," Liccardo said. "Was this used to actually help us arrest anybody, or solve a crime or prevent an accident?"

An EFF position paper argues that "ALPR data is gathered indiscriminately, collecting information on millions of ordinary people." "By plotting vehicle times and locations and tracing past movements, police can use stored data to paint a very specific portrait of drivers' lives, determining past patterns of behavior and possibly even predicting future ones — in spite of the fact that the vast majority of people whose license plate data is collected and stored have not even been accused of a crime.... [ALPR technology] allows officers to track everyone..."

Maybe the police officer's tweet was to boost public support for the technology? It's already led to a short report from another local news station: San Jose police recovered three stolen cars using their automated license-plate recognition technology (ALPR) on Saturday, according to officials with the San Jose Police Department.

Officers inside of Air3, one of SJPD's helicopters, spotted three stolen cars using ALPR before directing ground units their way. Police say no pursuits occurred, though two of the drivers tried to run away.

Programming

Code-Generating AI Can Introduce Security Vulnerabilities, Study Finds (techcrunch.com) 37

An anonymous reader quotes a report from TechCrunch: A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. The Stanford study looked specifically at Codex, the AI code-generating system developed by San Francisco-based research lab OpenAI. (Codex powers Copilot.) The researchers recruited 47 developers -- ranging from undergraduate students to industry professionals with decades of programming experience -- to use Codex to complete security-related problems across programming languages including Python, JavaScript and C.

Codex was trained on billions of lines of public code to suggest additional lines of code and functions given the context of existing code. The system surfaces a programming approach or solution in response to a description of what a developer wants to accomplish (e.g. "Say hello world"), drawing on both its knowledge base and the current context. According to the researchers, the study participants who had access to Codex were more likely to write incorrect and "insecure" (in the cybersecurity sense) solutions to programming problems compared to a control group. Even more concerningly, they were more likely to say that their insecure answers were secure compared to the people in the control.

Megha Srivastava, a postgraduate student at Stanford and the second co-author on the study, stressed that the findings aren't a complete condemnation of Codex and other code-generating systems. The study participants didn't have security expertise that might've enabled them to better spot code vulnerabilities, for one. That aside, Srivastava believes that code-generating systems are reliably helpful for tasks that aren't high risk, like exploratory research code, and could with fine-tuning improve in their coding suggestions. "Companies that develop their own [systems], perhaps further trained on their in-house source code, may be better off as the model may be encouraged to generate outputs more in-line with their coding and security practices," Srivastava said.

The co-authors suggest vendors use a mechanism to "refine" users' prompts to be more secure -- "akin to a supervisor looking over and revising rough drafts of code," reports TechCrunch. "They also suggest that developers of cryptography libraries ensure their default settings are secure, as code-generating systems tend to stick to default values that aren't always free of exploits."

United States

Police, Prosecutors Used Junk Science To Decide 911 Callers Were Liars (propublica.org) 95

An anonymous reader shares a report: Tracy Harpster, a deputy police chief from suburban Dayton, Ohio, was hunting for praise. He had a business to promote: a miracle method to determine when 911 callers are actually guilty of the crimes they are reporting. "I know what a guilty father, mother or boyfriend sounds like," he once said. Harpster tells police and prosecutors around the country that they can do the same. Such linguistic detection is possible, he claims, if you know how to analyze callers' speech patterns -- their tone of voice, their pauses, their word choice, even their grammar. Stripped of its context, a misplaced word as innocuous as "hi" or "please" or "somebody" can reveal a murderer on the phone. So far, researchers who have tried to corroborate Harpster's claims have failed. The experts most familiar with his work warn that it shouldn't be used to lock people up. Prosecutors know it's junk science too. But that hasn't stopped some from promoting his methods and even deploying 911 call analysis in court to win convictions.

[...] Junk science in the justice system is nothing new. But unvarnished correspondence about how prosecutors wield it is hard to come by. It can be next to impossible to see how law enforcement -- in league with paid, self-styled "experts" -- spreads new, often unproven methods. The system is at its most opaque when prosecutors know evidence is unfit for court but choose to game the rules, hoping judges and juries will believe it and vote to convict. People like Faria, defense lawyers and sometimes even the judges are blindsided. "I don't want what happened to me to happen to anyone else," Faria told me. Askey, who now goes by Leah Chaney and is no longer a prosecutor, did not answer questions about the case other than to say she didn't know about Harpster's work until after Faria's first trial. She has denied allegations of misconduct in other media interviews.

AI

Google Assistant Takes the Crown Beating Bixby and Siri In Voice Assistant Test (androidheadlines.com) 53

An anonymous reader quotes a report from Android Headlines: In a recent voice assistant test conducted by popular YouTuber MKBHD, Google Assistant emerged as the best voice assistant, outperforming Apple's Siri, Samsung's Bixby, and Amazon's Alexa. There are several reasons why Google Assistant stands out as the top voice assistant. Firstly, it is backed by Google's powerful artificial intelligence, which helps it to understand and interpret user requests accurately. Secondly, Google Assistant has access to a vast amount of data from its users, which allows it to provide a more personalized experience. The company also collects data from various services such as search, maps, and email to improve the functionality and performance of Google Assistant. However, one of the biggest reasons behind Google Assistant's win is its strong conversation skills. Google's AI uses natural language processing (NLP) algorithms to understand the meaning and context of words and phrases, which helps to keep the conversation going.

Apple's Siri took second place in the competition. It performed well when asked to complete tasks like setting a timer and searching the internet, but struggled when asked to answer more complex or conversational questions. Additionally, Siri was unable to perform tasks that required interacting with apps. In contrast, Samsung's Bixby excelled in device control thanks to its integration with Samsung devices. This integration enables Bixby to control system settings and integrate more deeply with apps than any other voice assistant. Bixby can send text messages, check sports scores, turn down screen brightness, check your calendar, launch apps, and more.

Of all the digital assistants, Amazon's Alexa performed the worst in the voice assistant test. This is due to several factors. Firstly, Alexa is not integrated into smartphones, which means it lacks the personalized touch of other voice assistants. This can make it feel less intuitive and less convenient to use. Secondly, Alexa's inaccuracy in finding facts, inability to interact with other apps and poor conversational models all combine to create a subpar experience when used on a phone. These issues make it difficult for Alexa to provide useful and reliable information, which is a key expectation of voice assistants. In addition, the inclusion of Amazon advertisements between tasks can be annoying and disrupt the user experience.

Bug

Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users (zdnet.com) 51

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative (ZDI) rated it a perfect 10 on the 0 to 10 Common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

AI

Man Simulates Time Travel Thanks To Stable Diffusion Image Synthesis (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Throughout December, a social media user known as Stelfie the Time Traveller has been crafting a time-hopping travelogue using generative AI. Thanks to Stable Diffusion and fine-tuning, an anonymous artist has created a fictional photorealistic character that he can insert into faux historical photographs set in different eras, such as ancient Egypt or the time of the dinosaurs. Stable Diffusion is a deep learning image synthesis model that allows people to create fictional scenes using text descriptions called prompts. With an additional technique called Dreambooth, people can insert their own subject or character into scenes generated by Stable Diffusion. It can also be used to insert real people into fictional situations.

So far, "Stelfie" has taken historical selfies during the ice age (being chased by a woolly mammoth), in ancient Egypt (during the construction of the pyramids), in ancient Greece (with the Trojan Horse), hanging out with Leonardo da Vinci (while creating the Mona Lisa), in the old West, while running from a tyrannosaurus rex, and while sailing with Christopher Columbus. The artist behind Stelfie writes social media posts (on Twitter, Instagram, and Reddit) in character as playful dispatches from a 41-year-old time traveler as he visits different locations. [...]

The anonymous artist (a self-identified "funny old man") detailed some of the process he uses to create the images in several Reddit comments: a combination of Stable Diffusion 1.5, a custom AI model for the landscape, and a custom AI model trained on the Stelfie face, which is apparently a fictional person created using Character Creator. He uses "a lot of inpainting," which means inserting AI-generated imagery into the images to fix errors and sculpt the scene, and each image takes three hours to create.

Cellphones

Samsung Ditches Samsung? New Team Formed for Building Its Own Chipsets (hothardware.com) 12

"Samsung's Mobile Experience (MX) Business has formed a completely new team for designing and developing its own chipsets," reports the Business Standard, citing media reports. "The company has formed an application processor (AP) solution development team within the business."

A similar position already exists with Samsung System LSI, which designs logic chips such as Exynos, which MX uses in its Galaxy phones. According to sources, the MX Business is forming its own identical team either to optimise these Exynos chips for its Galaxy line or, more likely, to entirely develop its own processors in the future, said the report.

Slashdot reader joshuark describes it as "Samsung ditching Samsung." Some context from Hot Hardware: Samsung's fancy phones sold in the U.S. use powerful Qualcomm Snapdragon SoCs that may not always outrun Apple's bespoke processors, but they're pretty darn fast. Overseas, though, Samsung uses its own home-grown Exynos chips, and they don't typically compete as well in terms of performance or efficiency.

It could be for this reason that the company has allegedly formed a new "application processor solution development team." This information comes from Korean tech and electronics site The Elec.... The average smartphone user doesn't obsess much about smartphone speed, but the gap between Apple's finest and even the best Exynos SoCs is a yawning chasm. Rumor has it that the Galaxy S23 will be the first to use Snapdragon processors around the world. If that's true, then Samsung is definitely concerned about performance, and it may well be the case that [team leader] Choi Won-joon wants Samsung's mobile unit to start building its own processors.

Programming

Linux 6.1 Released With Initial Support for Rust-Based Kernel Development (lwn.net) 65

"Linus has released the 6.1 kernel," reports LWN.net — and it's the one with initial support for kernel development in Rust.

Elsewhere LWN explains the specifics of this milestone: No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels....

There are other initiatives underway, including the writing of an Apple graphics driver in the Rust language. For the initial merge into the mainline kernel, though, Linus Torvalds made it clear that as little functionality as possible should be included. So those drivers and their support code were trimmed out and must wait for a future kernel release. What is there is the support needed to build a module that can be loaded into the kernel, along with a small sample module.... Torvalds asked for something that could do "hello world" and that is what we got. It is something that can be played with, but it cannot be used for any sort of real kernel programming at this point.

That situation will, hopefully, change in the near future.

Meanwhile, Linux 6.1 also includes "support for destructive BPF programs, some significant io_uring performance improvements, better user-space control over transparent huge-page creation, improved memory-tiering support."

The Register adds: Other interesting additions include more support for the made-in-China LoongArch CPU architecture, introductory work to support Wi-Fi 7 and security fixes for some flaky Wi-Fi routines in previous versions of the kernel. There's also plenty of effort to improve the performance of Linux on laptops, and enhanced power efficiency for AMD's PC-centric RYZEN silicon.

Programming

Google's Dart Programming Language Soon Won't Take 'Null' For an Answer (theregister.com) 43

"When the third major release of the Dart programming language debuts in mid-2023, null values will no longer be allowed where they're not expected," reports the Register: Null in this context is an assignment value indicating the absence of a value or referenced object.... Dart, an object-oriented, garbage-collected C-like language that once aspired to replace JavaScript, supported sound null safety — a way to prevent errors from accessing variables set to null — as of version 2.12. But it maintained modes for running code without null safety or with partial null safety. Dart 3 will no longer entertain those suboptimal possibilities.

"Our next release, Dart 3, completes the journey to a fully sound null safe language," explained Michael Thomsen, product manager on Dart and Flutter, in a blog post. "As the last step of that journey, we're removing several historical Dart language and SDK artifacts, including removing support for running without sound null safety." Sound null safety, Thomsen explains, means that a non-nullable variable never contains a null value. Not every implementation of null safety is so certain: TypeScript, for example, is unsound — you can assign a null value to a non-null variable. C# has exceptions to its null checks. And Kotlin also has exceptions.

Dart's transition will help catch type-related bugs at compile time, and should improve code readability, maintainability, and ahead-of-time (AOT) compilation. There's a cost however. Sound null safety will be the only option so pubspec files — Dart package metadata — with an SDK constraint set for less than 2.12 will no longer resolve in Dart 3. According to Thomsen, about 85 percent of Flutter code (which is written in Dart) supports sound null safety at this point. Those with apps and packages in the remaining 15 percent are urged to adapt their code prior to Dart 3's arrival....

Following the release of Dart 3, the next significant milestone for the language is likely to be support for compiling Dart code into WebAssembly (Wasm), which will allow Flutter Web apps to run as native code in browsers.

Puzzle Games (Games)

'The New Wordle Editor Is Ruining Wordle' (slate.com) 96

An anonymous reader quotes a report from Slate, written by Lizzie O'Leary: When the New York Times announced, on November 7, that Wordle would have an editor, I didn't give it much thought. How much could the mere presence of a person really change it? Oh, how naive I was! Four days later, I got my answer. And that answer was MEDAL. MEDAL? On November 11th? Wait a minute -- was the Times punning with its Wordle on Veterans Day? Hmm. I was willing to chalk it up to a coincidence, until November 23rd, the day before Thanksgiving, one of the busiest travel days of the year when DRIVE appeared. I tapped angrily on my phone, muttering to myself. And then, on the day of the holiday itself? FEAST. This -- this was too much. My treasured mind awakener had gone soft. (Two days later came CLEAN. Harrumph.)

Folks (FOLKS), I do not want a punny Wordle. Wordle should not be cutesy, or themed, or even ironic. Wordle should stay hard and weird. No hints! Especially no thematic hints! People on Twitter should post their scores, and we should be able to scoff privately. Haha, what a loser; it took him four guesses! When the word is FEAST, you then must wonder: Did he intentionally take four guesses so as not to appear lame?? Wordle's very randomness is what makes it so great! It's why thousands of people play. And, I'd wager, why the Times eagerly shelled out in the "low seven figures" for it. The ability to guess the Wordle based on context clues that would appeal to Andy Borowitz is soul-crushing. Or, at the very least, quite annoying.

AI

Stable Diffusion Made Copying Artists and Generating Porn Harder (theverge.com) 63

AmiMoJo writes: Users of AI image generator Stable Diffusion are angry about an update to the software that "nerfs" its ability to generate NSFW output and pictures in the style of specific artists. Stability AI, the company that funds and disseminates the software, announced Stable Diffusion Version 2 early this morning European time. The update re-engineers key components of the model and improves certain features like upscaling (the ability to increase the resolution of images) and in-painting (context-aware editing). But, the changes also make it harder for Stable Diffusion to generate certain types of images that have attracted both controversy and criticism. These include nude and pornographic output, photorealistic pictures of celebrities, and images that mimic the artwork of specific artists.

"They have nerfed the model," commented one user on a Stable Diffusion sub-reddit. "It's kinda an unpleasant surprise," said another on the software's official Discord server. Users note that asking Version 2 of Stable Diffusion to generate images in the style of Greg Rutkowski -- a digital artist whose name has become a literal shorthand for producing high-quality images -- no longer creates artwork that closely resembles his own. "What did you do to greg," commented one user on Discord.

Open Source

AI-Assisted Coding Start-Up Kite Is Saying Farewell and Open-Sourcing Its Code 32

Kite, a start-up that has been developing artificial intelligence technology to help developers write code for nearly a decade, is saying farewell and open-sourcing its code. Silicon Republic reports: Based in San Francisco, Kite was founded in 2014 as an early pioneer in the emerging field of AI that assists software developers in writing code -- an 'autocomplete' for programming of sorts. But now, after eight years of pursuing its vision to be a leader in AI-assisted programming, founder Adam Smith announced on the company website that the business is now wrapping up. According to him, even state-of-the-art machine learning models today don't understand the structure of code -- and too few developers are willing to pay for available services. "We failed to deliver our vision of AI-assisted programming because we were 10-plus years too early to market, ie, the tech is not ready yet," Smith explained. "You can see this in GitHub Copilot, which is built by GitHub in collaboration with OpenAI. As of late 2022, Copilot shows a lot of promise but still has a long way to go."

Copilot was first revealed in June 2021 as an AI assistant for programmers that essentially does for coding what predictive text does for writing emails. Developed in collaboration with OpenAI, GitHub had kept Copilot in technical preview until this summer, during which time it had been used by more than 1.2m developers. The AI was made available to all developers in June, at a cost of $10 a month or $100 a year. However, Smith said that the inadequacy of machine learning models in understanding the structure of code, such as non-local context, has been an insurmountable challenge for the Kite team. "We made some progress towards better models for code, but the problem is very engineering intensive. It may cost over $100m to build a production-quality tool capable of synthesizing code reliably, and nobody has tried that quite yet."

While the business could have still been successful without necessarily increasing developer productivity by 10 times using AI, Smith said he thinks that Kite's delay and unsuccessful attempt at monetizing the service prevented the start-up from taking flight. "We sequenced building our business in the following order: First we built our team, then the product, then distribution and then monetization," he explained, adding that Kite did not reach product-market fit until 2019, five years after starting the company. Despite the time taken to get to the market, Smith said Kite was able to capture 500,000 monthly active developers using its AI with "almost zero marketing spend." But the product failed to generate revenue because the developers refused to pay for it.

Smith says most of their code has been open sourced on GitHub, including their "data-driven Python type inference engine, Python public-package analyzer, desktop software, editor integrations, GitHub crawler and analyzer, and more."

Classic Games (Games)

Atari's 50th Anniversary Collection Includes 100 Games, Interviews, and Addictive New Titles (arstechnica.com) 25

Launched last week on the Xbox, PlayStation, Nintendo Switch, and Steam, Atari 50: The Anniversary Collection contains over 100 games, and also "over an hour of exclusive video interviews with key players in the games industry" (according to its web site). Forbes says the compilation "may well be the best game collection ever made." The Verge says the compilation is "huge, detailed, and does an amazing job of explaining why these games are so important."

But Ars Technica complains it's "stuffed with historical filler."

And yet, "one new game contained in the package won't let me go..." their reviewer adds. "I'm talking about Vctr Sctr, a retro-style arcade shooter that melds the addictive gameplay of classics like Asteroids and Tempest with modern gameplay concepts." As a package, Atari 50: The Anniversary Collection sets a new high-water mark for retro video game compilations. The collection's "timeline" feature deftly weaves archival materials like design documents and manuals, explanatory context and contemporary quotes from the game's release, and new video interviews with game creators into an engaging, interactive trip through gaming history.

But while the presentation shines, the games contained within Atari 50 often don't. Sure, there are a few truly replayable classics on offer here, especially in the games from Atari's glorious arcade era. That said, the bulk of Atari 50's selection of over 100 titles feels like filler that just doesn't hold up from a modern game design perspective. Dozens of "classic" Atari games — from 3-D Tic-Tac-Toe on the Atari 2600 to Missile Command 3D on the Jaguar — boil down to mere historical curiosities that most modern players would be hard-pressed to tolerate for longer than a couple of minutes.

Then there's Vctr Sctr, one of a handful of "reimagined" games on Atari 50 that attempt to re-create the feel of a classic Atari title with modern hardware and design touches.... More than just the look, Vctr Sctr does a great job capturing and updating what vector games of the early arcade era felt like to play.

Vctr Sctr apparently manages to combine updated versions of Asteroids, Lunar Lander, , and Tempest (in increasingly difficult waves). The article notes it's just one of six "reimagined" titles in Atari 50, but calls Vctr Sctr "a perfect brain-break game, an excuse to ignore the outside world for a quick, distracting burst of focused, high-energy chaos.

"In that way, it might be Atari 50's best demonstration of what the classic arcade era was really like."

Games

Ubisoft and Riot Games Are Working Together To Combat Toxic Chats (theverge.com) 82

Ubisoft and Riot Games are teaming up on a new research project that's intended to reduce toxic in-game chats. From a report: The new project, called "Zero Harm in Comms," will be broken up into two main phases. For the first phase, Ubisoft and Riot will try to create a framework that lets them share, collect, and tag data in a privacy-protecting way. It's a critical first step to ensure that the companies aren't keeping data that contains personally identifiable information, and if Ubisoft and Riot find they can't do it, "the project stops," Yves Jacquier, executive director at Ubisoft La Forge, said in an interview with The Verge.

Once that privacy-protecting framework is established, Ubisoft and Riot plan to build tools that use AI trained by the datasets to try and detect and mitigate "disruptive behaviors," according to a press release. Traditionally, detecting harmful intent has relied on "dictionary-based technologies," where you have a list of words spelled in different ways that can be used to determine if a message might be bad, according to Jacquier. With this partnership, Ubisoft and Riot are trying to use natural language processing to extract the general meaning of a sentence but take the context of the discussion into account, he said.

Music

Libraries Are Launching Their Own Local Music Streaming Platforms (vice.com) 6

An anonymous reader quotes a report from Motherboard: Over a dozen public libraries in the U.S. and Canada have begun offering their own music streaming services to patrons, with the goal of boosting artists and local music scenes. The services are region-specific, and offer local artists non-exclusive licenses to make their albums available to the community. The concept originated in 2014 when Preston Austin and Kelly Hiser helped the Madison Public Library build the Yahara Music Library, an online library hosting music from local artists. By the time they completed their work on Yahara, they were confident they had a software prototype that other interested libraries could customize and deploy. "That became kind of the inspiration for building MUSICat," Austin told Motherboard, referring to the software platform he and Hiser created under a startup called Rabble.

Now, public libraries in Pittsburgh, Nashville, Fort Worth, and most recently New Orleans have launched their own community-oriented streaming services using MUSICat's open source software. Joshua Smith works at New Orleans Public Library and has been embedded in the city's rich music scene for over a decade. He oversaw the launch of Crescent City Sounds with help from a team of curators that represent local artists and business owners, music journalists and historians and more. "They helped me get the word out to the music community," Smith told Motherboard, noting that their community status helped spread the word that the library now accepts digital music submissions. Smith says that for this first round, the curators accepted albums from artists that were released in the last five years, and that while living within city limits wasn't necessarily a deal breaker, not gigging regularly in the area was. To be considered, applicants needed to submit at least one track from their album. [...] He says each selected artist received a $250 honorarium to license their music to the New Orleans Public Library for five years -- a far cry from the fractions-of-a-penny per stream paid to independent artists by platforms like Spotify. This honorarium and licensing agreement is roughly the standard for public libraries following Rabble's process model. Austin does insist that libraries using MUSICat meet the basic criteria of paying artists to license their work to their libraries. But for everything else, Austin notes that these pre-established models are guidelines, not guardrails.

One example of a public library that took MUSICat and ran with it is Capital City Records -- the music streaming platform of the Edmonton Public Library in Alberta, Canada. An early adopter of MUSICat, the library's collection has grown to amass over 200 local musicians. The project also created opportunities for the library to engage in spin-off projects like limited run of vinyl pressings and running library-focused music events throughout the city. While over 2,000 artists are featured on one of MUSICat's music platforms, Austin says the company wants to continue forming partnerships with libraries on the local level. So for music lovers looking to jump ship from Spotify, he has a clear message: "This is not Spotify for libraries," Austin said. "It's a little different. The localness is kind of key. I don't think we could, for example, use the same strategy on the same fee to license on aggregate collection, which was all the local music from all the libraries available on the music hat app, right, like something like that would need to, it would need to be about the local collections and take people to them and let them play that music in context."

Windows

Windows 11's Task Manager is Getting a Search Box To Help You Find Misbehaving Apps (theverge.com) 98

Microsoft has started testing a new search and filtering system for the Task Manager on Windows 11. It will allow Windows users to easily search for a misbehaving app and end its process or quickly create a dump file, enable efficiency mode, and more. From a report: "This is the top feature request from our users to filter / search for processes," explains the Windows Insider team in a blog post. "You can filter either using the binary name, PID or publisher name. The filter algorithm matches the context keyword with all possible matches and displays them on the current page." You'll be able to use the alt + F keyboard shortcut to jump to the filter box in the Task Manager, and results will be filtered into single or groups of processes that you can monitor or take action on. Alongside the new search and filter functionality, Microsoft is also adding the ability to pick between light or dark themes in the Task Manager. Themes will also be applied fully throughout Task Manager, with some updates to its UI to fit more closely with Microsoft's overall Fluent work.

Security

Google Ad For GIMP.org Served Info-Stealing Malware Via Lookalike (bleepingcomputer.com) 19

joshuark shares a report from BleepingComputer, written by Ax Sharma: Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP.org,' the official website of the well known graphics editor, GNU Image Manipulation Program. This ad would appear to be legitimate as it'd state 'GIMP.org' as the destination domain. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware.

Reddit user ZachIngram04 earlier shared the development stating that the ad previously took users to a Dropbox URL to serve malware, but was soon "replaced with an even more malicious one" which employed a fake replica website 'gilimp.org' to serve malware. BleepingComputer observed another domain 'gimp.monster' related to this campaign. To pass off the trojanized executable as GIMP in a believable manner to the user, the threat actor artificially inflated the malware, that is otherwise under 5 MB in size, to 700 MB by a simple technique known as binary padding.
It still isn't clear if this instance was a slip up caused by a potential bug in Google Ad Manager that allowed malvertising.

Government

Leaked Documents Outline DHS's Plans To Police Disinformation (theintercept.com) 329

An anonymous reader quotes a report from The Intercept: The Department of Homeland Security is quietly broadening its efforts to curb speech it considers dangerous, an investigation by The Intercept has found. Years of internal DHS memos, emails, and documents -- obtained via leaks and an ongoing lawsuit, as well as public documents -- illustrate an expansive effort by the agency to influence tech platforms. The work, much of which remains unknown to the American public, came into clearer view earlier this year when DHS announced a new "Disinformation Governance Board": a panel designed to police misinformation (false information spread unintentionally), disinformation (false information spread intentionally), and malinformation (factual information shared, typically out of context, with harmful intent) that allegedly threatens U.S. interests. While the board was widely ridiculed, immediately scaled back, and then shut down within a few months, other initiatives are underway as DHS pivots to monitoring social media now that its original mandate -- the war on terror -- has been wound down.

Behind closed doors, and through pressure on private platforms, the U.S. government has used its power to try to shape online discourse. According to meeting minutes and other records appended to a lawsuit filed by Missouri Attorney General Eric Schmitt, a Republican who is also running for Senate, discussions have ranged from the scale and scope of government intervention in online discourse to the mechanics of streamlining takedown requests for false or intentionally misleading information. [...] There is also a formalized process for government officials to directly flag content on Facebook or Instagram and request that it be throttled or suppressed through a special Facebook portal that requires a government or law enforcement email to use. At the time of writing, the "content request system" at facebook.com/xtakedowns/login is still live.

These are the key takeaways from the report:
- Though DHS shuttered its controversial Disinformation Governance Board, a strategic document reveals the underlying work is ongoing.
- DHS plans to target inaccurate information on "the origins of the COVID-19 pandemic and the efficacy of COVID-19 vaccines, racial justice, U.S. withdrawal from Afghanistan, and the nature of U.S. support to Ukraine."
- Facebook created a special portal for DHS and government partners to report disinformation directly.
- The work is primarily done by CISA, a DHS sub-agency tasked with protecting critical national infrastructure.
- DHS, the FBI, and several media entities are having biweekly meetings as recently as August.
- DHS considered countering disinformation relating to content that undermines trust in financial systems and courts.
- The FBI agent who primed social media platforms to take down the Hunter Biden laptop story continued to have a role in DHS policy discussions.

Microsoft

Microsoft is Building an Xbox Mobile Gaming Store To Take on Apple and Google (theverge.com) 16

Microsoft is building an Xbox mobile store to directly offer games on mobile devices, challenging Apple and Google. The software giant first hinted at a "next-generation" store it would "build for games" earlier this year but has now quietly revealed details of the plans in filings with the UK's Competition and Markets Authority (CMA). From a report: The CMA is currently investigating the $68.7 billion Activision Blizzard acquisition and has asked Microsoft for context. In its filings, Microsoft says a big motivation for the purchase is to help build out its mobile gaming presence. Its plans for this space apparently include creating an Xbox mobile gaming platform and store.

Here's what the company says in the filings: "The transaction will improve Microsoft's ability to create a next generation game store which operates across a range of devices, including mobile as a result of the addition of Activision Blizzard's content. Building on Activision Blizzard's existing communities of gamers, Xbox will seek to scale the Xbox Store to mobile, attracting gamers to a new Xbox Mobile Platform. Shifting consumers away from the Google Play Store and App Store on mobile devices will, however, require a major shift in consumer behavior. Microsoft hopes that by offering well-known and popular content, gamers will be more inclined to try something new."

Security

Signal To Phase Out SMS Support From the Android App 54

schwit1 shares a blog post from Signal, the popular instant messaging app: In the interest of privacy, security, and clarity we're beginning to phase out SMS support from the Android app. You'll have several months to export your messages and either find a new app for SMS or tell your friends to download Signal.

[...] To give some context, when we started supporting SMS, Signal didn't exist yet. Our Android app was called TextSecure and the Signal encryption protocol was called Axolotl. Almost a decade has passed since then, and a lot has changed. In this time we changed our name, built iOS and desktop apps, and grew from a small project to the most widely used private messaging service on the planet. And we continued supporting the sending and receiving of plaintext SMS messages via the Signal interface on Android. We did this because we knew that Signal would be easier for people to use if it could serve as a homebase for most of the messages they were sending or receiving, without having to convince the people they wanted to talk to to switch to Signal first. But this came with a tradeoff: it meant that some messages sent and received via the Signal interface on Android were not protected by Signal's strong privacy guarantees.

We have now reached the point where SMS support no longer makes sense. For those of you interested, we walk through our reasoning in more detail below. In order to enable a more streamlined Signal experience, we are starting to phase out SMS support from the Android app. You will have several months to transition away from SMS in Signal, to export your SMS messages to another app, and to let the people you talk to know that they might want to switch to Signal, or find another channel if not.
