Security

D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices

D-Link confirmed no fix will be issued for the over 60,000 D-Link NAS devices that are vulnerable to a critical command injection flaw (CVE-2024-10914), allowing unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests. The networking company advises users to retire or isolate the affected devices from public internet access. BleepingComputer reports: The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses: DNS-320 Version 1.00; DNS-320LW Version 1.01.0914.2012; DNS-325 Version 1.01, Version 1.02; and DNS-340L Version 1.08. [...] A search that Netsecfish conducted on the FOFA platform returned 61,147 results at 41,097 unique IP addresses for D-Link devices vulnerable to CVE-2024-10914.

In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products. If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions. The same researcher discovered in April this year an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, impacting mostly the same D-Link NAS models as the latest flaw.
Bitcoin

Trump's Coin Sale Misses Early Targets As Crypto Project's Website Crashes (cnbc.com)

Donald Trump's new crypto project, World Liberty Financial, had a rocky start today with frequent website outages during its token sale. According to CNBC, only about 4% of registered investors have bought tokens, and the project sold less than 3% of the 20 billion tokens available. From the report: WLF's website suffered regular and lengthy outages for much of the morning and early afternoon, contributing to a limited number of sales. Only about 4,300 unique wallet addresses hold the token as of Tuesday afternoon, according to blockchain data tracked by Etherscan, representing roughly 4% of the total number of people who registered.

The platform says it has sold more than 532 million tokens at 15 cents per token. That is less than 3% of the 20 billion tokens made available for public sale. Over the course of the day, the website frequently showed a page saying, "We are under maintenance." The glitchy launch is a potential setback to the Republican presidential nominee with just three weeks until the election. Trump and his family have been touting the project since August, branding it as "The DeFiant Ones," a play on DeFi, which is short for decentralized finance.

Businesses

Roblox Accused of Lying To Investors About User Numbers (theverge.com)

Investment firm Hindenburg Research claims Roblox is "consistently overstating the amount of people on its platform by 25 percent to 42 percent or more." The Verge reports: Roblox, which went public in 2021, reported having 79.5 million daily active users in its most recent earnings report. However, Hindenburg claims Roblox "intentionally conflates" actual people with daily users, as that number could also include alt accounts and bots. The research alleges that Roblox can separate alt accounts from single users, even though the company's disclosure says daily active users "are not a measure of unique individuals accessing Roblox."

Hindenburg is an activist short-selling firm that infamously publishes research when it says it's identified something shady about a business, allowing it to make a profit as its share value declines. One example is from 2020, when Hindenburg accused the EV startup Nikola of fraud. Subsequently, an investigation by the Securities and Exchange Commission (SEC) resulted in a four-year prison sentence for its founder, Trevor Milton. [...] The firm also claims Roblox isn't doing enough to protect children on the platform, alleging its "in-game research revealed an X-rated pedophile hellscape, exposing children to grooming, pornography, violent content and extremely abusive speech." Roblox shares dipped following the release of the report.
Desiree Fish, Roblox's chief communications officer, said in a statement: "We totally reject the claims made in the report. The financial claims made by Hindenburg Research are simply misleading. The authors are, admittedly short sellers and have an agenda irrespective of the substance of Roblox's business model and results. Over the past four quarters our bookings, the amount of cash receipts, have grown over 22% from $780.7 million in Q2 2023 to $955.2 million in Q2 2024. Over the same time, cash provided by operating activities have totaled $646.3 million, free cash flow was $440.3 million, and we have guided to even higher numbers for fiscal 2024. An examination of our GAAP balance sheet and our GAAP cash flow statement makes that clear. The focus on cash bookings and cash flow are themes that we have focused on consistently with investors dating back to our days as a private company. The author made no attempt to highlight any of that because the positive facts simply don't support their agenda."
Social Networks

How Reddit Challenges Google and Meta with Ads Based on Topics - Not User Data (yahoo.com)

Six months after going public, Reddit "is winning over advertisers," reports Bloomberg, "by showing that it's different than other internet platforms, which often rely on users' identities and personal information to target ads." Instead, Reddit is targeting people based on their interests, relying on the site's [100,000+] deeply detailed communities — called subreddits — to match advertisers with potential customers... Early returns on that strategy have been promising. The text-based site easily surpassed expectations in its first two earnings reports this year, disclosing strong sales and better-than-expected projected growth. The stock is up 66% from its $34 initial public offering price in March.

Beyond targeting subreddits, the company also can use specific keywords to sell what it calls conversation ads. If a Redditor in r/HydroHomies — a community about the benefits of drinking water that has more than 1.2 million users — asks for advice about a specific brand of water bottle, an ad for that exact product could appear next to that user's post. These conversation ads are the fastest-growing ad format on the platform, the company said. They also give marketers a chance to appear in subreddits where customers are already talking about them...

Despite being around for close to 20 years, Reddit only started investing heavily in its advertising business in 2018, and is now hoping that marketers and investors are ready to acknowledge the site has grown up. Executives often point to its unique form of content moderation as proof that it's a safer place for brands than other sites. Reddit largely relies on a group of more than 60,000 human moderators — users who volunteer to serve as a sort of content police — to flag or take down unsavory content. On top of that, the site has a voting system so users can rate the quality of content. "From everything we're seeing, they have a level of brand safety and content safety for advertisers that is very comparable to most other social platforms," said Jack Johnston, senior social innovation director at performance marketing agency Tinuiti, which buys ads on Meta, Pinterest, X and Reddit. "That wasn't necessarily the case a couple years ago."

Those improvements have paid dividends. Reddit recently signed new content partnerships with major sports leagues, including the NFL, NBA and MLB, and the majority of Reddit's advertising revenue comes from Fortune 500 companies. Last year, the site made close to $800 million in ad sales, and counts marquee brands like Toyota, Disney, Samsung and Ulta Beauty among its advertisers. This year, analysts expect Reddit's overall advertising business to eclipse $1.1 billion in revenue and see the company reaching $2 billion in sales as soon as 2027, according to data compiled by Bloomberg. To get there, Reddit will need to court smaller marketers, too. The company makes more than 25% of its revenue from just 10 advertisers, meaning any unexpected pullback from a key partner could have a significant impact on the company's business, said Dan Salmon, lead analyst at New Street Research. "This army of small businesses — that's the most important thing for all of those platforms, for Reddit, for Pinterest, for X," he said...

Advertisers large and small say they're already planning to spend more on Reddit in the coming quarters.

The article points out that more than 90 million people visit Reddit each day.
AI

NIST Releases an Open-Source Platform for AI Safety Testing (scmagazine.com)

America's National Institute of Standards and Technology (NIST) has released a new open-source software tool called Dioptra for testing the resilience of machine learning models to various types of attacks.

"Key features that are new from the alpha release include a new web-based front end, user authentication, and provenance tracking of all the elements of an experiment, which enables reproducibility and verification of results," a NIST spokesperson told SC Media: Previous NIST research identified three main categories of attacks against machine learning algorithms: evasion, poisoning and oracle. Evasion attacks aim to trigger an inaccurate model response by manipulating the data input (for example, by adding noise), poisoning attacks aim to impede the model's accuracy by altering its training data, leading to incorrect associations, and oracle attacks aim to "reverse engineer" the model to gain information about its training dataset or parameters, according to NIST.

The free platform enables users to determine to what degree attacks in the three categories mentioned will affect model performance and can also be used to gauge the use of various defenses such as data sanitization or more robust training methods.

The open-source testbed has a modular design to support experimentation with different combinations of factors such as different models, training datasets, attack tactics and defenses. The newly released 1.0.0 version of Dioptra comes with a number of features to maximize its accessibility to first-party model developers, second-party model users or purchasers, third-party model testers or auditors, and researchers in the ML field alike. Along with its modular architecture design and user-friendly web interface, Dioptra 1.0.0 is also extensible and interoperable with Python plugins that add functionality... Dioptra tracks experiment histories, including inputs and resource snapshots that support traceable and reproducible testing, which can unveil insights that lead to more effective model development and defenses.

NIST also published final versions of three "guidance" documents, according to the article. "The first tackles 12 unique risks of generative AI along with more than 200 recommended actions to help manage these risks. The second outlines Secure Software Development Practices for Generative AI and Dual-Use Foundation Models, and the third provides a plan for global cooperation in the development of AI standards."

Thanks to Slashdot reader spatwei for sharing the news.
Security

Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com)

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.
"It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."

Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"
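
A defender-side check for the two indicators the article gives (the leaked key's certificate serial number and the "DO NOT SHIP" / "DO NOT TRUST" strings), as an added example that is not from Binarly, Ars Technica or the original post. It assumes the platform key certificate has already been exported and dumped as text in `openssl x509` style; the function names and the sample dumps are constructed for illustration.

```python
import re

# Indicators quoted in the article above.
LEAKED_PK_SERIAL = "55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4"
TEST_KEY_MARKERS = ("DO NOT TRUST", "DO NOT SHIP")


def normalize_serial(value):
    """Reduce a serial to lowercase hex digits, no separators or leading zeros."""
    match = re.search(r"\(0x([0-9a-fA-F]+)\)", value)  # "4096 (0x1000)" form
    digits = match.group(1) if match else re.sub(r"[^0-9a-fA-F]", "", value)
    return digits.lower().lstrip("0")


def extract_fields(dump):
    """Pull serial, subject and issuer out of an openssl-style certificate dump."""
    fields = {"serial": "", "subject": "", "issuer": ""}
    lines = dump.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        low = line.lower()
        if low.startswith("serial number:"):
            rest = line.split(":", 1)[1].strip()
            # Long serials are printed on the line after the label.
            if not rest and i + 1 < len(lines):
                rest = lines[i + 1].strip()
            fields["serial"] = normalize_serial(rest)
        elif low.startswith("serial="):
            fields["serial"] = normalize_serial(line.split("=", 1)[1])
        else:
            for name in ("subject", "issuer"):
                if low.startswith(name + "=") or low.startswith(name + ":"):
                    fields[name] = line[len(name) + 1:].strip()
    return fields


def assess_platform_key(dump):
    """Return a list of findings; an empty list means neither indicator matched."""
    fields = extract_fields(dump)
    findings = []
    if fields["serial"] and fields["serial"] == normalize_serial(LEAKED_PK_SERIAL):
        findings.append("serial matches the platform key leaked in 2022")
    names = " ".join((fields["subject"] + " " + fields["issuer"]).upper().split())
    for marker in TEST_KEY_MARKERS:
        if marker in names:
            findings.append('certificate name contains "%s"' % marker)
    return findings


# Constructed sample dumps (not taken from any real device).
SAMPLE_SHORT_FORM = """\
serial=55FBEF878123008447170BB3CD873AF4
subject=CN = DO NOT TRUST - Example Test PK
issuer=CN = DO NOT TRUST - Example Test PK
"""

SAMPLE_TEXT_FORM = """\
Certificate:
    Data:
        Serial Number:
            55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4
        Issuer: CN=Example OEM Platform Key
        Subject: CN=Example OEM Platform Key
"""

SAMPLE_SHIP_MARKER = """\
Certificate:
    Data:
        Serial Number: 4096 (0x1000)
        Issuer: CN=do not  ship - Example Test Key
        Subject: CN=do not  ship - Example Test Key
"""

SAMPLE_CLEAN = """\
serial=1000
subject=CN = Example OEM Platform Key 2024
issuer=CN = Example OEM Root
"""

if __name__ == "__main__":
    samples = {
        "short form": SAMPLE_SHORT_FORM,
        "text form": SAMPLE_TEXT_FORM,
        "ship marker": SAMPLE_SHIP_MARKER,
        "clean": SAMPLE_CLEAN,
    }
    for label, dump in samples.items():
        result = assess_platform_key(dump)
        print(label, "->", result if result else "no indicator matched")
```

An empty result only means these two indicators are absent; it says nothing about other untrusted platform keys.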
Social Networks

'The Greatest Social Media Site Is Craigslist' (slate.com)

An anonymous reader quotes an op-ed for Slate, written by Amanda Chen: In August 2009, Wired magazine ran a cover story on Craigslist founder Craig Newmark titled "Why Craigslist Is Such a Mess." The opening paragraphs excoriate almost every aspect of the online classifieds platform as "underdeveloped," a "wasteland of hyperlinks," and demands that we, the public, ought to have higher standards. The same sentiment can be found across tech forums and trade publications, a missed opportunity that the average self-professed LinkedIn expert on #UX #UI #design will have you believe that they are the first to point out. But as sites like Craigslist increasingly turn into digital artifacts, more people, myself included, are starting to see the beauty that belies those same features. Without them, where else on the internet could you find such ardent professions of desire or loneliness, or the random detritus of a life so steeply discounted?

The site has changed relatively little in both functionality and appearance since Newmark launched it in 1995 as a friends and family listserv for jobs and other opportunities. Yet in spite of that, it remains a household name whose niche in the contemporary digital landscape has yet to be usurped, with an estimated 180 million visits in May 2024. Though, it's certainly not for a lack of newcomers attempting to stake their claims on the booming C2C market; in the U.S., Facebook Marketplace, launched in 2016, is its closest direct competitor, followed by platforms like Nextdoor and OfferUp. Craigslist's business model is quite simple: Users in a few categories -- apartments in select cities, jobs, vehicles for sale -- pay a small but reasonable fee to make posts. Everything else is free. Its Perl-backed tech is straightforward. The team is relatively lean, as the company considers functions like sales and marketing superfluous. This strategy has allowed Craigslist to stay extremely profitable throughout the years without implementing sophisticated recommendation algorithms or inundating the webpage with third-party advertisements. Its runaway success threatens decades-old industry gospels of growth, disruption, and innovation, and might force tech evangelists to admit they don't fully understand what people want. [...]

These days I find myself casually browsing Craigslist in lieu of Instagram. Like readers of a local paper, I use it to keep a pulse on what's happening around me, even if I'll never know who these people are. That's beside the point. Perhaps Craigslist's single greatest cultural contribution, and my favorite place to lurk, is the "missed connections." The feature has inspired countless copycats, artistic reinterpretations, human interest stories, and analyses (one in particular extrapolated that Monday evenings are the most lovelorn time across the country). There is something deeply comforting about seeing those intangible threads of yearning which permeate a city so plainly laid out, as confirmation that you're not alone in wanting to be seen by others alive in the same place and time as you. Sometimes I'll peruse random job listings or the "free" section. This leads to the ever-amusing exercise, which I'll often invite friends to participate in, of speculating about the motivations and circumstances behind an object's acquisition and imminent relinquishment. I'll even visit the clunky, dial-up era-style discussion forums, subdivided into topics labeled things like "death and dying" or "haiku hotel," where a unique penchant for whimsy and romance can be felt deeply throughout. On Craigslist, a post can be a shout into the void that may or may not be returned, an affirmation of life, but regardless, in 45 days it's gone. Positioned somewhere in between digital ephemera and archive, the site's images and language are often utilitarian, occasionally unintelligible, and just when you least expect it, absurd, poetic, and profound.
"Frequently, technologists remain convinced that the market will eventually reveal a solution for all of our deep-seated societal problems, something that we can hack if only granted access to better tech," writes Chen, in closing. "From the start, the industry has advanced the idea that change is inherently good, even if only for its own sake, which can be viewed as symptomatic of the accelerating conditions of late-stage capitalism. Of course, there are many ways in which change is desperately needed in this moment, but when it comes to the particular case of Craigslist, it hardly seems necessary."
Social Networks

Reddit Grows, Seeks More AI Deals, Plans 'Award' Shops, and Gets Sued (yahoo.com)

Reddit reported its first results since going public in late March. Yahoo Finance reports: Daily active users increased 37% year over year to 82.7 million. Weekly active unique users rose 40% from the prior year. Total revenue improved 48% to $243 million, nearly doubling the growth rate from the prior quarter, due to strength in advertising. The company delivered adjusted operating profits of $10 million, versus a $50.2 million loss a year ago. [Reddit CEO Steve] Huffman declined to say when the company would be profitable on a net income basis, noting it's a focus for the management team. Other areas of focus include rolling out a new user interface this year, introducing shopping capabilities, and searching for another artificial intelligence content licensing deal like the one with Google.
Bloomberg notes that already Reddit "has signed licensing agreements worth $203 million in total, with terms ranging from two to three years. The company generated about $20 million from AI content deals last quarter, and expects to bring in more than $60 million by the end of the year."

And elsewhere Bloomberg writes that Reddit "plans to expand its revenue streams outside of advertising into what Huffman calls the 'user economy' — users making money from others on the platform... " In the coming months Reddit plans to launch new versions of awards, which are digital gifts users can give to each other, along with other products... Reddit also plans to continue striking data licensing deals with artificial intelligence companies, expanding into international markets and evaluating potential acquisition targets in areas such as search, he said.
Meanwhile, ZDNet notes that this week a Reddit announcement "introduced a new public content policy that lays out a framework for how partners and third parties can access user-posted content on its site." The post explains that more and more companies are using unsavory means to access user data in bulk, including Reddit posts. Once a company gets this data, there's no limit to what it can do with it. Reddit will continue to block "bad actors" that use unauthorized methods to get data, the company says, but it's taking additional steps to keep users safe from the site's partners.... Reddit still supports using its data for research: It's creating a new subreddit — r/reddit4researchers — to support these initiatives, and partnering with OpenMined to help improve research. Private data is, however, going to stay private.

If a company wants to use Reddit data for commercial purposes, including advertising or training AI, it will have to pay. Reddit made this clear by saying, "If you're interested in using Reddit data to power, augment, or enhance your product or service for any commercial purposes, we require a contract." To be clear, Reddit is still selling users' data — it's just making sure that unscrupulous actors have a tougher time accessing that data for free and researchers have an easier time finding what they need.

And finally, there's some court action, according to the Register. Reddit "was sued by an unhappy advertiser who claims that internet giga-forum sold ads but provided no way to verify that real people were responsible for clicking on them." The complaint [PDF] was filed this week in a U.S. federal court in northern California on behalf of LevelFields, a Virginia-based investment research platform that relies on AI. It says the biz booked pay-per-click ads on the discussion site starting September 2022... That arrangement called for Reddit to use reasonable means to ensure that LevelFields's ads were delivered to and clicked on by actual people rather than bots and the like. But according to the complaint, Reddit broke that contract...

LevelFields argues that Reddit is in a particularly good position to track click fraud because it's serving ads on its own site, as opposed to third-party properties where it may have less visibility into network traffic... Nonetheless, LevelFields's effort to obtain IP address data to verify the ads it was billed for went unfulfilled. The social media site "provided click logs without IP addresses," the complaint says. "Reddit represented that it was not able to provide IP addresses."

"The plaintiffs aspire to have their claim certified as a class action," the article adds — along with an interesting statistic.

"According to Juniper Research, 22 percent of ad spending last year was lost to click fraud, amounting to $84 billion."
United States

TikTok Sues US Government Over Law Forcing Sale or Ban (nytimes.com)

Less than two weeks after President Biden signed a bill that will force TikTok's Chinese owner, ByteDance, to sell the popular social media app or face a ban in the United States, TikTok said it sued the federal government on Tuesday, arguing the law was unconstitutional. From a report: TikTok said that the law violated the First Amendment by effectively removing an app that millions of Americans use to share their views and communicate freely. It also argued that a divestiture was "simply not possible," especially within the law's 270-day timeline, pointing to difficulties such as Beijing's refusal to sell a key feature that powers TikTok in the United States.

"For the first time in history, Congress has enacted a law that subjects a single, named speech platform to a permanent, nationwide ban, and bars every American from participating in a unique online community with more than one billion people worldwide," the company said in the 67-page petition it provided, which initiates the lawsuit. "There is no question: The act will force a shutdown of TikTok by Jan. 19, 2025." TikTok is battling for its survival in the United States, with the fight set to play out primarily in courts over the next few months. While lawmakers who passed the bill have said the app is a national security threat because of its ties to China, the courts must now weigh those concerns against TikTok's argument that a sale or ban would violate the First Amendment free-speech rights of its users and hurt small businesses that owe their livelihood to the platform.

Social Networks

Reddit May Need To Ramp Up Spending On Content Moderation, Analysts Say (reuters.com)

An anonymous reader quotes a report from Reuters: Reddit will need to spend heavily on content moderation as it may face greater scrutiny as a public company, analysts said, threatening its longstanding policy of relying on an army of volunteers to maintain order on its platform. The newly listed company warned in its initial public offering (IPO) paperwork that its unique approach to content moderation can sometimes subject it to disruptions like in 2023, when several moderators protested against its decision to charge third-party app developers for access to its data.

Depending on volunteers is not sustainable, given the regulatory scrutiny that the company will now face, said Julian Klymochko, CEO of alternative investment solutions firm Accelerate Financial Technologies. "It's like relying on unpaid labor when the company has nearly a billion dollars in revenue," he added. Reddit reported revenue of $804 million in 2023, according to an earlier filing. Reddit will need to make substantial investments in trust and safety, which could lead to a "dramatic" rise in expenses, Klymochko said. Josh White, former economist at the Securities and Exchange Commission and assistant professor of finance at Vanderbilt University, also said that banking on free volunteers is Reddit's biggest risk. The company would need to ramp up spending on anti-misinformation efforts especially as the U.S. prepares for the presidential election later this year, White said.
"We believe our approach is the most sustainable and scalable moderation model that exists online today. We are continually investing in and iterating on new tools and policies to improve our internal capabilities," the Reddit spokesperson said.
Microsoft

Phil Spencer Wants Sony and Nintendo Games on Xbox, But Says He Doesn't Expect It (videogameschronicle.com)

Microsoft announced this week that four of Xbox's previously-exclusive games are going cross-platform to PlayStation and Switch. Xbox head Phil Spencer says in a new interview that he'd like to see Sony and Nintendo bring their games to Xbox -- but that he isn't holding his breath. From a report: In an interview for journalist Stephen Totilo's Game File newsletter, Spencer said the decision to bring four Xbox games to other consoles wasn't intended to make its rivals follow suit. "This is not for me, like, some kind of bartering system," Spencer explained. "We're doing it for the better of Xbox's business." Despite this, Spencer said he would of course welcome other consoles' games on Xbox, and noted that it would be beneficial for multiplayer games in particular, where building a large online community is important for a game's lifespan.

"I will say, when I look at a game like Helldivers 2 -- and it's a great game, kudos to the team shipping on PC and PlayStation -- I'm not exactly sure who it helps in the industry by not being on Xbox," he said. "If you try to twist yourself to say, like, somehow that benefited somebody somewhere. But I get it. There's a legacy in console gaming that we're going to benefit by shipping games and not putting them on other places. We do the same thing." Spencer also noted that Helldivers 2 -- which Sony released on PlayStation and PC on the same day -- is doing well on the latter. "I will say shipping more games in more places and making them more accessible to more people is a good part of the gaming business," he said.
Further reading: Phil Spencer Puts Apple's Money Where His Mouth Is.
Microsoft

Microsoft Teases Next-Gen Xbox With 'Largest Technical Leap', New 'Unique' Hardware (theverge.com)

Tom Warren reports via The Verge: Microsoft is teasing the potential for unique Xbox hardware in the future and a powerful next-gen console. Four previously exclusive Xbox games are officially coming to the PS5 and Nintendo Switch soon, and Microsoft wants to reassure Xbox fans that it's still very much invested in the future of its platform and hardware. In an official Xbox podcast today, Xbox president Sarah Bond teased that Microsoft will deliver 'the largest technical leap' with the next-generation Xbox: "We've got more to come. There's some exciting stuff coming out in hardware that we're going to share this holiday. We're also invested in the next-generation roadmap. What we're really focused on there is delivering the largest technical leap you will have ever seen in a hardware generation, which makes it better for players and better for creators and the visions that they're building."

Speaking to The Verge, Microsoft Gaming CEO Phil Spencer went a step further, teasing that the Xbox hardware teams are thinking about building different kinds of hardware. "I'm very proud of the work that the hardware team is doing, not only for this year, but also into the future," says Spencer. "[We're] really thinking about creating hardware that sells to gamers because of the unique aspects of the hardware. It's kind of an unleashing of the creative capability of our hardware team that I'm really excited about."

Perhaps that unique hardware is an Xbox handheld. "We see a lot of opportunity in different types of devices, and will share specifics on our future hardware plans as soon as we are ready," says Microsoft in an Xbox blog post today.

Google

Even Google Insiders Are Questioning Bard AI Chatbot's Usefulness (bloomberg.com)

For months, Alphabet's Google and Discord have run an invitation-only chat for heavy users of Bard, Google's artificial intelligence-powered chatbot. Google product managers, designers and engineers are using the forum to openly debate the AI tool's effectiveness and utility, with some questioning whether the enormous resources going into development are worth it. From a report: "My rule of thumb is not to trust LLM output unless I can independently verify it," Dominik Rabiej, a senior product manager for Bard, wrote in the Discord chat in July, referring to large language models -- the AI systems trained on massive amounts of text that form the building blocks of chatbots like Bard and OpenAI's ChatGPT. "Would love to get it to a point that you can, but it isn't there yet."

"The biggest challenge I'm still thinking of: what are LLMs truly useful for, in terms of helpfulness?" said Googler Cathy Pearl, a user experience lead for Bard, in August. "Like really making a difference. TBD!" [...] Two participants on Google's Bard community on chat platform Discord shared details of discussions in the server with Bloomberg from July to October. Dozens of messages reviewed by Bloomberg provide a unique window into how Bard is being used and critiqued by those who know it best, and show that even the company leaders tasked with developing the chatbot feel conflicted about the tool's potential. Expounding on his answer about "not trusting" responses generated by large language models, Rabiej suggested limiting people's use of Bard to "creative / brainstorming applications." Using Bard for coding was a good option too, Rabiej said, "since you inevitably verify if the code works!"

Medicine

'Cancer Moonshot' Projects Funded Include Implant to Sense and Treat Cancer, Tumor-Targeting Bacteria (arpa-h.gov) 42

Researchers from several U.S. institutions are collaborating "to develop and test an implantable device able to sense signs of the kind of inflammation associated with cancer," reports CBS News, "and deliver therapy when needed." Northwestern said the implant could significantly improve outcomes for patients with ovarian, pancreatic and other difficult-to-treat cancers — potentially cutting cancer-related deaths in the U.S. in half. "Instead of tethering patients to hospital beds, IV bags and external monitors, we'll use a minimally invasive procedure to implant a small device that continuously monitors their cancer and adjusts their immunotherapy dose in real time," said Rice University bioengineer Omid Veiseh. "This kind of 'closed-loop therapy' has been used for managing diabetes, where you have a glucose monitor that continuously talks to an insulin pump. But for cancer immunotherapy, it's revolutionary."
The project and team are named THOR, an acronym for "targeted hybrid oncotherapeutic regulation..." explains an announcement from Johns Hopkins. "THOR's proposed implant, or 'hybrid advanced molecular manufacturing regulator,' goes by the acronym HAMMR..."

The project will take five and a half years, and includes funding for a first-phase clinical trial treating recurrent ovarian cancer slated to begin in the fourth year. The research is funded by America's newly-established Advanced Research Projects Agency for Health (ARPA-H), according to a statement from the agency, representing its "commitment to supporting Cancer Moonshot goals of decreasing cancer deaths and improving the quality of life for patients..."

And they're also funding two more projects: The Synthetic Programmable bacteria for Immune-directed Killing in tumor Environments (SPIKEs) project, led by a team at the University of Missouri in Columbia, Missouri, aims to develop an inexpensive and safe therapy using bacteria specifically selected for tumor-targeting. Through SPIKEs, researchers intend to engineer bacteria that can recruit and regulate tumor-targeting immune cells, boosting the body's ability to fight off cancer without side-effects from traditional medications. Up to $19 million is allocated towards SPIKEs.

An additional project, with up to $50 million in potential funding inclusive of options, seeks to map cancer cell biomarkers to drastically improve multi-cancer early detection (MCED) and streamline clinical intervention when tumors are still small. Led by the Georgia Institute of Technology in Atlanta, Georgia, the Cancer and Organ Degradome Atlas (CODA) project aims to understand the cellular profiles unique to diseased cancer cells. The CODA platform intends to develop a suite of biosensor tools that can reliably recognize a range of cancer-specific markers and, ultimately, produce a highly precise, accurate, and cost-effective MCED test that can identify common cancers when they are most treatable.

In a statement, ARPA-H's director said that "With these awards, we hope to see crucial advancements in patient-tailored therapies, better and earlier tumor detection methods, and cell therapies that can help the immune system target cancer cells for destruction."
Google

Google Extends Lifespan of Chromebooks With 10-Year Update Policy (wsj.com) 29

Google is working to push back the expiration date of Chromebooks, addressing concerns held by school administrators that the laptops are too short-lived to be cost effective. From a report: The Alphabet-owned company -- which develops the Chrome operating system running on computers made mostly by others -- said Thursday it plans to provide software updates for Chromebooks for up to a decade. The new policy, which starts next year, ensures that no existing Chromebook will expire within the next two years. The disclosure of this policy change comes after an August column in The Wall Street Journal detailing schools' struggles with expiring Chromebooks. Chromebooks are ubiquitous in classrooms around the country, but some education software doesn't work after what Google calls the Auto Update Expiration date. Unsupported Chromebooks can't be used for mandatory state testing, even if the hardware still appears functional.

When the laptops expire, school districts recycle them, sometimes at a cost, and spend millions of dollars on replacements. Google currently sets expiration dates based on the release date of specific models. Newer models have eight years of support, while older Chromebooks have five. Starting in 2024, Google will support a given laptop "platform" -- a certain combination of hardware components -- for 10 years after the first device in the platform hits store shelves. These so-called platforms aren't unique to specific brands or manufacturers and can be found in a variety of distinct models.

Businesses

Sam Altman-Backed Mentra Aims To Match Neurodivergent Jobseekers With Ideal Jobs (techcrunch.com) 23

Due to confidence issues and difficulties interviewing, neurodivergent individuals often face higher unemployment rates than their non-neurodivergent counterparts. However, they may possess specialized skills that can enhance team productivity by up to 30% in suitable work settings. A startup backed by OpenAI's Sam Altman aims to help these job seekers find suitable employment opportunities, leveraging technology and assessments to match individuals with roles that best align with their abilities and skills. An anonymous reader shares an excerpt from TechCrunch: Enter Mentra. The Charlotte, N.C.-based startup, whose three co-founders are all autistic, is building what it describes as an AI-powered "neuroinclusive employment network." Specifically, its tech platform leverages artificial intelligence to help large enterprises hire employees with cognitive differences such as autism, attention-deficit/hyperactivity disorder (ADHD), dyslexia, obsessive-compulsive disorder (OCD), traumatic brain injury (TBI) and post-traumatic stress disorder (PTSD). The startup's unique premise caught the early attention of OpenAI co-founder and CEO Sam Altman, who first invested in the company with a $1 million pre-seed investment in February 2022 through his venture firm, Hydrazine Capital. Mentra also won an AI for accessibility grant from Microsoft. Shine Capital led its $3.5 million seed round this year, which also included participation from Altman's fund, Verissimo, Full Circle, Charlotte Fund, as well as angel investors including David Apple and Dawn Dobras.

What sets Mentra apart is its approach to job fit, maintains Mentra co-founder and CEO Jhillika Kumar. The startup goes beyond keywords in resumes to match employers with talent, she said, considering factors around a person's neurotype, aptitude, environmental sensitivities. To date, its one-year retention rate has remained at an impressive 97.5%. [...] One way Mentra uses AI is to parse through job descriptions to make sure they are cognitively accessible and broken down in a consistent format that is not exclusionary. "Then we are able to use an algorithm to go through the jobseekers on our platform to identify who's the best fit based on mostly neuro type," Kumar told TechCrunch. "One person might be extremely good at hyper focusing, very detail-oriented, very process-oriented or very strategic, and you have specific skills that map to their strengths in the role." Over 70% of the data Mentra collects is not collected by an Indeed or a traditional job-finding platform. It uses that holistic data to make the match between the job and the individual.

The startup's current revenue model is free for neurodivergent jobseekers, and it charges an annual subscription for enterprise companies to access the platform. It is also building out a neuroinclusion marketplace for service providers such as consultancies and training firms to provide hands-on services to companies that accompany Mentra's core platform. "In the future, we plan to have a similar marketplace available for neurodivergents to access tailored services as well throughout the life of their career such as bootcamps and job coaches," Kumar added.

Businesses

Spotify To Cut Back Promotional Spending on White Noise Podcasts (bloomberg.com) 41

Spotify is cracking down on white-noise podcasters, reducing the advertising support for programmers that provide little more than soothing sounds like rain or chirping birds. From a report: In an email to creators Friday, the company highlighted changes to its Ambassador Ads program -- promotional spots for Spotify that podcasters read. The company pays hosts to read ads to encourage more creators to make shows and join the platform. As part of the change taking effect Oct. 1, white noise podcasters will no longer be eligible for such support, according to a person with knowledge of the matter. The company is also raising the audience threshold that conventional podcasters must meet to qualify for those ads to 1,000 unique Spotify listeners over the past 60 days from 100.
Social Networks

Most of the 100 Million People Who Signed Up For Threads Stopped Using It (arstechnica.com) 119

An anonymous reader quotes a report from Ars Technica: Meta's new Twitter competitor, Threads, is looking for ways to keep users interested after more than half of the people who signed up for the text-based platform stopped actively using the app, Meta CEO Mark Zuckerberg reportedly told employees in a company town hall yesterday. Threads launched on July 5 and signed up over 100 million users in less than five days, buoyed by user frustration with Elon Musk-owned Twitter.

"Obviously, if you have more than 100 million people sign up, ideally it would be awesome if all of them or even half of them stuck around. We're not there yet," Zuckerberg told employees yesterday, according to Reuters, which listened to audio of the event. Third-party data suggests that Threads may have lost many more than half of its active users. Daily active users for Threads on Android dropped from 49 million on July 7 to 23.6 million on July 14, and then to 12.6 million on July 23, web analytics company SimilarWeb reported.

"We don't yet have daily numbers for iOS, but we suspect the boom-and-bust pattern is similar," SimilarWeb wrote. "Threads took off like a rocket, with its close linkage to Instagram as the booster. However, the developers of Threads will need to fill in missing features and add some new and unique ones if they want to make checking the app a daily habit for users." Although losing over half of the initial users in a short period might sound discouraging, the Reuters article said Zuckerberg told employees that user retention was better than Meta executives expected. "Zuckerberg said he considered the drop-off 'normal' and expected retention to grow as the company adds more features to the app, including a desktop version and search functionality," Reuters wrote.

Media

TikTok Videos Are Coming To 3,000 Redbox Kiosks (deadline.com) 20

Chicken Soup for the Soul Entertainment, the parent company of Redbox, has partnered with TikTok to stream the platform's short-form videos on screens atop approximately 3,000 Redbox kiosks across the United States. Deadline reports: Third-party brands will also have their ads run alongside the TikTok videos via Chicken Soup's ad platform Crackle Connex. The agreement covers roughly 10% of the total network of Redbox kiosks, which are generally located outside of grocery, convenience and big box retail stores. The out-of-home ad deal is part of a growing effort across the industry to identify alternatives to linear TV and place brand messages in venues like gas stations, elevators and other locations. "TikTok is the go-to destination for short-form video consumption by over a billion people globally," said Philippe Guelton, chief revenue officer of Crackle Connex. "This new partnership provides advertisers a unique opportunity to reach new audiences and drive engagement. Our Redbox kiosks are in high-traffic locations where millions of people frequently shop, such as grocery stores or value retailers. We look forward to working with TikTok on expanding this partnership as our DOOH network expands."
Social Networks

AMAs Are the Latest Casualty In Reddit's API War (arstechnica.com) 179

An anonymous reader quotes a report from Ars Technica: Ask Me Anything (AMA) has been a Reddit staple that helped popularize the social media platform. It delivered some unique, personal, and, at times, fiery interviews between public figures and people who submitted questions. The Q&A format became so popular that many people host so-called AMAs these days, but the main subreddit has been r/IAmA, where the likes of then-US President Barack Obama and Bill Gates have sat in the virtual hot seat. But that subreddit, which has been called its own "juggernaut of a media brand," is about to look a lot different and likely less reputable. On July 1, Reddit moved forward with changes to its API pricing that have infuriated a large and influential portion of its user base. High pricing and a 30-day adjustment period resulted in many third-party Reddit apps closing and others moving to paid-for models that developers are unsure are sustainable.

The latest casualty in the Reddit battle has a profound impact on one of the most famous forms of Reddit content and signals a potential trend in Reddit content changing for the worse. On Saturday, the r/IAmA moderators announced that they will no longer perform these duties:

- Active solicitation of celebrities or high-profile figures to do AMAs.
- Email and modmail coordination with celebrities and high-profile figures and their PR teams to facilitate, educate, and operate AMAs. (We will still be available to answer questions about posting, though response time may vary).
- Running and maintaining a website for scheduling of AMAs with pre-verification and proof, as well as social media promotion.
- Maintaining a current up-to-date sidebar calendar of scheduled AMAs, with schedule reminders for users.
- Sister subreddits with categorized cross-posts for easy following.
- Moderator confidential verification for AMAs.
- Running various bots, including automatic flairing of live posts.

The subreddit, which has 22.5 million subscribers as of this writing, will still exist, but its moderators contend that most of what makes it special will be undermined. "Moving forward, we'll be allowing most AMA topics, leaving proof and requests for verification up to the community, and limiting ourselves to removing rule-breaking material alone. This doesn't mean we're allowing fake AMAs explicitly, but it does mean you'll need to pay more attention," the moderators said. The mods will also continue to do bare minimum tasks like keeping spam out and rule enforcement, they said. Like many other Reddit moderators Ars has spoken to, some will step away from their duties, and they'll reportedly be replaced "as needed."
