Chromium

Thorium: The Fastest Open Source Chromium-based Browser? (itsfoss.com) 55

"After taking a look at Floorp Browser, I was left wondering whether there was a Chromium-based web browser that was as good, or even better than Chrome," writes a "First Look" reviewer at It's Foss News.

"That is when I came across Thorium, a web-browser that claims to be 'the fastest browser on Earth'." [Thorium] is backed by a myriad of tweaks that include compiler optimizations for SSE4.2, AVX, AES, various mods to CFLAGS, LDFLAGS, thinLTO flags, and more. The developer shares performance stats using popular benchmarking tools... I tested it using the Speedometer 3.0 benchmark on Fedora 39 and compared it to Brave, and the scores were:

Thorium: 19.2; Brave: 19.5

So, it may not be the "fastest" always, probably one of the fastest, that comes close to Brave or sometimes even beats it (depends on the version you tested and your system).

Alexander Frick, the lead developer, also insists on providing support for older operating systems such as Windows 7 so that its user base can use a capable modern browser without much fuss... As Thorium is a cross-platform web browser, you can find packages for a wide range of platforms such as Linux, Raspberry Pi, Windows, Android, macOS, and more.

Thorium can sync to your Google account to import your bookmarks, extensions, and themes, according to the article.

"Overall, I can confidently say that it is a web browser I could daily drive, if I were to ditch Chrome completely. It gels in quite well with the Google ecosystem and has a familiar user interface that doesn't get in the way."
AT&T

AT&T Says Data From 73 Million Customers Has Leaked Onto the Dark Web (cnn.com) 21

Personal data from 73 million AT&T customers has leaked onto the dark web, reports CNN — both current and former customers.

AT&T has launched an investigation into the source of the data leak... In a news release Saturday morning, the telecommunications giant said the data was "released on the dark web approximately two weeks ago," and contains information such as account holders' Social Security numbers. ["The information varied by customer and account," AT&T said in a statement, "but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."]

"It is not yet known whether the data ... originated from AT&T or one of its vendors," the company added. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set."

The data seems to have been from 2019 or earlier. The leak does not appear to contain financial information or specifics about call history, according to AT&T. The company said the leak shows approximately 7.6 million current account holders and 65.4 million former account holders were affected.

CNN says the first reports of the leak came two weeks ago from a social media account claiming "the largest collection of malware source code, samples, and papers." Reached for a comment by CNN, AT&T had said at the time that "We have no indications of a compromise of our systems."

AT&T's web site now includes a special page with an FAQ — and the tagline that announces "We take cybersecurity very seriously..."

"It has come to our attention that a number of AT&T passcodes have been compromised..."

The page points out that AT&T has already reset the passcodes of "all 7.6 million impacted customers." It's only further down in the FAQ that they acknowledge that the breach "appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders." The FAQ continues: "Our internal teams are working with external cybersecurity experts to analyze the situation... We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com...

We will reach out by mail or email to individuals with compromised sensitive personal information and offering complimentary identity theft and credit monitoring services... If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response.

Government

Can Apps Turn Us Into Unpaid Lobbyists? (msn.com) 73

"Today's most effective corporate lobbying no longer involves wooing members of Congress..." writes the Wall Street Journal. Instead the lobbying sector "now works in secret to influence lawmakers with the help of an unlikely ally: you." [Lobbyists] teamed up with PR gurus, social-media experts, political pollsters, data analysts and grassroots organizers to foment seemingly organic public outcries designed to pressure lawmakers and compel them to take actions that would benefit the lobbyists' corporate clients...

By the middle of 2011, an army of lobbyists working for the pillars of the corporate lobbying establishment — the major movie studios, the music industry, pharmaceutical manufacturers and the U.S. Chamber of Commerce — were executing a nearly $100 million campaign to win approval for the internet bill [the PROTECT IP Act, or "PIPA"]. They pressured scores of lawmakers to co-sponsor the legislation. At one point, 99 of the 100 members of the U.S. Senate appeared ready to support it — an astounding number, given that most bills have just a handful of co-sponsors before they are called up for a vote. When lobbyists for Google and its allies went to Capitol Hill, they made little headway. Against such well-financed and influential opponents, the futility of the traditional lobbying approach became clear. If tech companies were going to turn back the anti-piracy bills, they would need to find another way.

It was around this time that one of Google's Washington strategists suggested an alternative strategy. "Let's rally our users," Adam Kovacevich, then 34 and a senior member of Google's Washington office, told colleagues. Kovacevich turned Google's opposition to the anti-piracy legislation into a coast-to-coast political influence effort with all the bells and whistles of a presidential campaign. The goal: to whip up enough opposition to the legislation among ordinary Americans that Congress would be forced to abandon the effort... The campaign slogan they settled on — "Don't Kill the Internet" — exaggerated the likely impact of the bill, but it succeeded in stirring apprehension among web users.

The coup de grace came on Jan. 18, 2012, when Google and its allies pulled off the mother of all outside influence campaigns. When users logged on to the web that day, they discovered, to their great frustration, that many of the sites they'd come to rely on — Wikipedia, Reddit, Craigslist — were either blacked out or displayed text outlining the detrimental impacts of the proposed legislation. For its part, Google inserted a black censorship bar over its multicolored logo and posted a tool that enabled users to contact their elected representatives. "Tell Congress: Please don't censor the web!" a message on Google's home page read. With some 115,000 websites taking part, the protest achieved a staggering reach. Tens of millions of people visited Wikipedia's blacked-out website, 4.5 million users signed a Google petition opposing the legislation, and more than 2.4 million people took to Twitter to express their views on the bills. "We must stop [these bills] to keep the web open & free," the reality TV star Kim Kardashian wrote in a tweet to her 10 million followers...

Within two days, the legislation was dead...

Over the following decade, outside influence tactics would become the cornerstone of Washington's lobbying industry — and they remain so today.

"The 2012 effort is considered the most successful consumer mobilization in the history of internet policy," writes the Washington Post — agreeing that it's since spawned more app-based, crowdsourced lobbying campaigns. Sites like Airbnb "have also repeatedly asked their users to oppose city government restrictions on the apps." "Uber, Lyft, DoorDash and other gig work companies also blitzed the apps' users with scenarios of higher prices or suspended service unless people voted for a 2020 California ballot measure on contract workers. Voters approved it."

The Wall Street Journal also details how lobbyists successfully killed higher taxes for tobacco products, the oil-and-gas industry, and even on private-equity investors — and note similar tactics were used against a bill targeting TikTok. "Some say the campaign backfired. Lawmakers complained that the effort showed how the Chinese government could co-opt internet users to do their bidding in the U.S., and the House of Representatives voted to ban the app if its owners did not agree to sell it.

"TikTok's lobbyists said they were pleased with the effort. They persuaded 65 members of the House to vote in favor of the company and are confident that the Senate will block the effort."

The Journal's article was adapted from an upcoming book titled "The Wolves of K Street: The Secret History of How Big Money Took Over Big Government." But the Washington Post argues the phenomenon raises two questions. "How much do you want technology companies to turn you into their lobbyists? And what's in it for you?"
Cellphones

Major Mobile NFT Shooter Game 'MadWorld' Uses Linux Foundation Subsidiary's Game Engine (linuxfoundation.org) 29

A Linux Foundation subsidiary has developed a free and open-source 3D game engine distributed under the Apache license. And last week the Open 3D Foundation announced "a big step forward, showcasing the power of open-source technologies in giving gamers around the globe unforgettable gaming experiences."

"We are proud to unveil MadWorld as the first mobile title powered by O3DE," said Joe Bryant, Executive Director of the Open 3D Foundation, "demonstrating the large potential of open-source technologies in game development."

And then this week Los Angeles Business Journal reported that El Segundo-based gaming studio Carbonated Inc. "has raised $11 million of series A funding to finance the development and release of its debut game title... Prior to its most recent round, Carbonated closed an $8.5 million seed funding round in 2020, which also included participation from Andreessen and Bitkraft." Since its founding [in 2015], the company has been focusing on research and development for its upcoming first title, called "MadWorld." The third-person, multiplayer shooter game is set in a post-apocalyptic world and features both player-versus-player and player-versus-environment features. Players of the game will battle for land control in a dystopian setting. Using a combination of open-source mapping tools and Carbonated's proprietary custom operations technology, called Carbyne, the game's world is designed around real-life cities and locations. Players are initially dropped into the game's version of their own real-time location.

The game allows players to optionally engage using blockchain technology with a digital asset-ownership layer powered by a blockchain network called XPLA.

Earlier this month Madworld "opened up for Early Access registration," reports the egamers web site, arguing that the game "is set to redefine the gaming landscape and will make its public debut later this year." After a catastrophic event named "The Collapse," MadWorld takes place in a desolate Earth where players engage in a battle for survival, highlighting the game's unique setting and immersive experience. The game's world is intricately designed with 250,000 land plots mapped out on a hexagonal grid, each presenting unique resources and strategic benefits. This innovative approach to game design enhances the gameplay experience and introduces a new layer of strategy and competition.

MadWorld's gameplay is centered around integrating Web3 technologies, which allows for the ownership, enhancement, and trading of tokenized representations of real-world locations. This feature encourages players to create clans and work together or compete for essential resources that are spread across the vast game world. Clans can acquire these resources by paying tributes to NFT landowners using "Rounds," the in-game currency. This mechanism not only fosters a sense of community and teamwork but also creates unique economic opportunities within the game by blending traditional gaming elements with the emerging field of digital assets.

"With its use of O3DE, Carbonated can enhance the game's visual fidelity, performance, and scalability," according to the Linux Foundation's announcement, "in order to deliver a fast-paced adventure on mobile platforms." O3DE is an open-source game engine developed by a collaborative community of industry experts. It includes state-of-the-art rendering capabilities, dynamic lighting, and realistic physics simulation. These features have enabled Carbonated to build realistic dystopian environments and create action-packed gameplay in MadWorld.
According to its official site, MadWorld "is set to be released to the public sometime in 2024 and is currently being tested on iOS and Android operating systems."

Carbonated's CEO Travis Boatman made this prediction to the site Decrypt. "We think mobile is where the breakout will happen for Web3."
Security

'Security Engineering' Author Ross Anderson, Cambridge Professor, Dies at Age 67 (therecord.media) 7

The Record reports: Ross Anderson, a professor of security engineering at the University of Cambridge who is widely recognized for his contributions to computing, passed away at home on Thursday according to friends and colleagues who have been in touch with his family and the University.

Anderson, who also taught at Edinburgh University, was one of the most respected academic engineers and computer scientists of his generation. His research included machine learning, cryptographic protocols, hardware reverse engineering and breaking ciphers, among other topics. His public achievements include, but are by no means limited to, being awarded the British Computer Society's Lovelace Medal in 2015, and publishing several editions of the Security Engineering textbook.

Anderson's security research made headlines throughout his career, with his name appearing in over a dozen Slashdot stories...

My favorite story? UK Banks Attempt To Censor Academic Publication.

"Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online..."


AI

NYC's Government Chatbot Is Lying About City Laws and Regulations (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: NYC's "MyCity" ChatBot was rolled out as a "pilot" program last October. The announcement touted the ChatBot as a way for business owners to "save ... time and money by instantly providing them with actionable and trusted information from more than 2,000 NYC Business web pages and articles on topics such as compliance with codes and regulations, available business incentives, and best practices to avoid violations and fines." But a new report from The Markup and local nonprofit news site The City found the MyCity chatbot giving dangerously wrong information about some pretty basic city policies. To cite just one example, the bot said that NYC buildings "are not required to accept Section 8 vouchers," when an NYC government info page says clearly that Section 8 housing subsidies are one of many lawful sources of income that landlords are required to accept without discrimination. The Markup also received incorrect information in response to chatbot queries regarding worker pay and work hour regulations, as well as industry-specific information like funeral home pricing. Further testing from BlueSky user Kathryn Tewson shows the MyCity chatbot giving some dangerously wrong answers regarding treatment of workplace whistleblowers, as well as some hilariously bad answers regarding the need to pay rent.

MyCity's Microsoft Azure-powered chatbot uses a complex process of statistical associations across millions of tokens to essentially guess at the most likely next word in any given sequence, without any real understanding of the underlying information being conveyed. That can cause problems when a single factual answer to a question might not be reflected precisely in the training data. In fact, The Markup said that at least one of its tests resulted in the correct answer on the same query about accepting Section 8 housing vouchers (even as "ten separate Markup staffers" got the incorrect answer when repeating the same question). The MyCity Chatbot -- which is prominently labeled as a "Beta" product -- does tell users who bother to read the warnings that it "may occasionally produce incorrect, harmful or biased content" and that users should "not rely on its responses as a substitute for professional advice." But the page also states front and center that it is "trained to provide you official NYC Business information" and is being sold as a way "to help business owners navigate government."
NYC Office of Technology and Innovation Spokesperson Leslie Brown told The Markup that the bot "has already provided thousands of people with timely, accurate answers" and that "we will continue to focus on upgrading this tool so that we can better support small businesses across the city."
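The paragraph above explains the mechanism behind the inconsistent Section 8 answers: a model that samples the most likely next token will, when its training data contains both the rule and a contradiction, sometimes produce each. The following is an added example written for this digest, not code from MyCity, Microsoft, The Markup or Ars Technica. It uses a bigram table instead of a neural model purely to make the sampling visible; the CORPUS, the prompt and the OFFICIAL sentence set are constructed stand-ins for training data and for the authoritative NYC info page. It reproduces the "ten staffers ask the same question" experiment and adds the control a practitioner would want in front of a government chatbot: a release gate that only passes answers that match an authoritative sentence.

```python
"""Toy demonstration of why a next-token chatbot can give different
answers to the same policy question on repeated runs, and a release gate
that only lets through answers grounded in an authoritative source.

Added example for this digest; not code from MyCity, Microsoft or Ars
Technica. CORPUS, the prompt and OFFICIAL are constructed stand-ins, and
the bigram table stands in for a neural model only to expose sampling."""
from collections import Counter, defaultdict
import math
import random

END = "<end>"

# Constructed corpus: the correct rule appears three times, a
# contradicting sentence twice. This mimics training data in which a
# single factual answer is not reflected precisely.
CORPUS = [
    "landlords must accept section 8 vouchers",
    "landlords must accept section 8 vouchers",
    "landlords must accept section 8 vouchers",
    "landlords are not required to accept section 8 vouchers",
    "landlords are not required to accept section 8 vouchers",
]

# Constructed stand-in for the authoritative NYC info page.
OFFICIAL = {"landlords must accept section 8 vouchers"}


def build_bigram(corpus):
    """Count, for every token, how often each next token follows it."""
    table = defaultdict(Counter)
    for sentence in corpus:
        tokens = sentence.split() + [END]
        for cur, nxt in zip(tokens, tokens[1:]):
            table[cur][nxt] += 1
    return table


def sample_next(counts, temperature, rng):
    """Choose the next token from its frequency counts.

    temperature == 0 is greedy decoding (always the most frequent token);
    higher temperatures flatten the distribution, so the less frequent
    continuation is chosen more often."""
    tokens = list(counts)
    if temperature == 0:
        return max(tokens, key=lambda t: counts[t])
    logits = [math.log(counts[t]) / temperature for t in tokens]
    peak = max(logits)
    weights = [math.exp(l - peak) for l in logits]  # softmax, shift-stable
    return rng.choices(tokens, weights=weights, k=1)[0]


def generate(table, prompt, temperature=1.0, rng=None, max_tokens=20):
    """Extend the prompt one token at a time until END or max_tokens."""
    if rng is None:
        rng = random.Random(0)
    tokens = prompt.split()
    for _ in range(max_tokens):
        counts = table.get(tokens[-1])
        if not counts:
            break
        nxt = sample_next(counts, temperature, rng)
        if nxt == END:
            break
        tokens.append(nxt)
    return " ".join(tokens)


def repeat_query(table, prompt, runs, temperature=1.0, seed=0):
    """Ask the same question `runs` times; return answer -> times seen.

    This is the "several staffers ask the same question" experiment."""
    rng = random.Random(seed)
    return Counter(generate(table, prompt, temperature, rng) for _ in range(runs))


def grounded(answer, official=OFFICIAL):
    """Release gate: return the answer only if it matches an authoritative
    sentence verbatim; otherwise return None so the caller can withhold it
    or route to a human. Verbatim matching is deliberately strict."""
    return answer if answer in official else None


if __name__ == "__main__":
    table = build_bigram(CORPUS)
    print("greedy :", generate(table, "landlords", temperature=0))
    for answer, n in repeat_query(table, "landlords", 10).items():
        print(f"sampled: {n:2d}x {answer!r} -> gate: {grounded(answer)!r}")
```

Greedy decoding always returns the majority sentence, which is why one tester can get the right answer; sampling at temperature 1 returns the contradiction roughly two times in five, which is the behaviour The Markup observed across repeated queries. The gate does not make the model more accurate; it makes an ungrounded answer fail closed instead of reaching the business owner.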
AI

Hillary Clinton, Election Officials Warn AI Could Threaten Elections (wsj.com) 255

Hillary Clinton and U.S. election officials said they are concerned disinformation generated and spread by AI could threaten the 2024 presidential election [non-paywalled link]. WSJ: Clinton, a former secretary of state and 2016 presidential candidate, said she thinks foreign actors like Russian President Vladimir Putin could use AI to interfere in elections in the U.S. and elsewhere. Dozens of countries are running elections this year. "Anybody who's not worried is not paying attention," Clinton said Thursday at Columbia University, where election officials and tech executives discussed how AI could impact global elections.

She added: "It could only be a very small handful of people in St. Petersburg or Moldova or wherever they are right now who are lighting the fire, but because of the algorithms everyone gets burned." Clinton said Putin tried to undermine her before the 2016 election by spreading disinformation on Facebook, Twitter and Snapchat about "all these terrible things" she purportedly did. "I don't think any of us understood it," she said. "I did not understand it. I can tell you my campaign did not understand it. The so-called dark web was filled with these kinds of memes and stories and videos of all sorts portraying me in all kinds of less than flattering ways." Clinton added: "What they did to me was primitive and what we're talking about now is the leap in technology."

Software

Proxmox Import Wizard Makes for Easy VMware VM Migrations (storagereview.com) 39

Lyle Smith reports via StorageReview.com: Proxmox has introduced a new import wizard for Proxmox Virtual Environment (VE), aiming to simplify the migration process for importing VMware ESXi VMs. This new feature comes at an important time in the industry, as it aims to ease the transition for organizations looking to move away from VMware's vSphere due to high renewal costs.

The new import wizard is integrated into Proxmox VE's existing storage plugin system, allowing for direct integration into the platform's API and web-based user interface. It offers users the ability to import VMware ESXi VMs in their entirety, translating most of the original VM's configuration settings to Proxmox VE's configuration model (all while minimizing downtime). Currently, the import wizard is in a technical preview state, having been added during the Proxmox VE 8.2 development cycle. Although it is still under active development, early reports suggest the wizard is stable and holds considerable promise for future enhancements, including the planned addition of support for other import sources like OVF/OVA files. [...]

This tool represents Proxmox's commitment to providing accessible, open-source virtualization solutions. By leveraging the official ESXi API and implementing a user space filesystem with optimized read-ahead caching in Rust (a safe, fast, and modern programming language ideal for system-level tasks), Proxmox aims to ensure that this new feature can be integrated smoothly into its broader ecosystem.

Cloud

Cloud Server Host Vultr Rips User Data Ownership Clause From ToS After Web Outage (theregister.com) 28

Tobias Mann reports via The Register: Cloud server provider Vultr has rapidly revised its terms-of-service after netizens raised the alarm over broad clauses that demanded the "perpetual, irrevocable, royalty-free" rights to customer "content." The red tape was updated in January, as captured by the Internet Archive, and this month users were asked to agree to the changes by a pop-up that appeared when using their web-based Vultr control panel. That prompted folks to look through the terms, and there they found clauses granting the US outfit a "worldwide license ... to use, reproduce, process, adapt ... modify, prepare derivative works, publish, transmit, and distribute" user content.

It turned out these demands have been in place since before the January update; customers have only just noticed them now. Given Vultr hosts servers and storage in the cloud for its subscribers, some feared the biz was giving itself way too much ownership over their stuff, all in this age of AI training data being put up for sale by platforms. In response to online outcry, largely stemming from Reddit, Vultr in the past few hours rewrote its ToS to delete those asserted content rights. CEO J.J. Kardwell told The Register earlier today it's a case of standard legal boilerplate being taken out of context. The clauses were supposed to apply to customer forum posts, rather than private server content, and while, yes, the terms make more sense with that in mind, one might argue the legalese was overly broad in any case.

"We do not use user data," Kardwell stressed to us. "We never have, and we never will. We take privacy and security very seriously. It's at the core of what we do globally." [...] According to Kardwell, the content clauses are entirely separate to user data deployed in its cloud, and are more aimed at one's use of the Vultr website, emphasizing the last line of the relevant fine print: "... for purposes of providing the services to you." He also pointed out that the wording has been that way for some time, and added the prompt asking users to agree to an updated ToS was actually spurred by unrelated Microsoft licensing changes. In light of the controversy, Vultr vowed to remove the above section to "simplify and further clarify" its ToS, and has indeed done so. In a separate statement, the biz told The Register the removal will be followed by a full review and update to its terms of service.
"It's clearly causing confusion for some portion of users. We recognize that the average user doesn't have a law degree," Kardwell added. "We're very focused on being responsive to the community and the concerns people have and we believe the strongest thing we can do to demonstrate that there is no bad intent here is to remove it."
Open Source

Linux Foundation Launches Valkey As A Redis Fork (phoronix.com) 12

Michael Larabel reports via Phoronix: Given the recent change by Redis to adopt dual source-available licensing for all their releases moving forward (Redis Source Available License v2 and Server Side Public License v1), the Linux Foundation announced today their fork of Redis. The Linux Foundation went public today with Valkey, its fork intended as an open-source alternative to the Redis in-memory store. Due to the Redis licensing changes, Valkey is forking from Redis 7.2.4 and will maintain a BSD 3-clause license. Google, AWS, Oracle, and others are helping form this new Valkey project.

The Linux Foundation press release shares: "To continue improving on this important technology and allow for unfettered distribution of the project, the community created Valkey, an open source high performance key-value store. Valkey supports the Linux, macOS, OpenBSD, NetBSD, and FreeBSD platforms. In addition, the community will continue working on its existing roadmap including new features such as a more reliable slot migration, dramatic scalability and stability improvements to the clustering system, multi-threaded performance improvements, triggers, new commands, vector search support, and more. Industry participants, including Amazon Web Services (AWS), Google Cloud, Oracle, Ericsson, and Snap Inc. are supporting Valkey. They are focused on making contributions that support the long-term health and viability of the project so that everyone can benefit from it."

Cloud

Amazon Bets $150 Billion on Data Centers Required for AI Boom (yahoo.com) 26

Amazon plans to spend almost $150 billion in the coming 15 years on data centers, giving the cloud-computing giant the firepower to handle an expected explosion in demand for artificial intelligence applications and other digital services. From a report: The spending spree is a show of force as the company looks to maintain its grip on the cloud services market, where it holds about twice the share of No. 2 player Microsoft. Sales growth at Amazon Web Services slowed to a record low last year as business customers cut costs and delayed modernization projects. Now spending is starting to pick up again, and Amazon is keen to secure land and electricity for its power-hungry facilities.

"We're expanding capacity quite significantly," said Kevin Miller, an AWS vice president who oversees the company's data centers. "I think that just gives us the ability to get closer to customers." Over the past two years, according to a Bloomberg tally, Amazon has committed to spending $148 billion to build and operate data centers around the world. The company plans to expand existing server farm hubs in northern Virginia and Oregon as well as push into new precincts, including Mississippi, Saudi Arabia and Malaysia.

United States

US Sanctions Spree Continues With 15 More For Russian Entities (theregister.com) 129

An anonymous reader quotes a report from The Register: It's sanctions central at the US Treasury this week as a further 15 are slapped on organizations and individuals in Russia. The Treasury's Office of Foreign Assets Control (OFAC) designated 13 organizations and two individuals -- all concerning financial services organizations, including cryptocurrency exchanges that offered services to already-sanctioned dark web marketplaces in Russia, and those who helped run them. Five of the 13 freshly designated entities were also controlled by individuals who were already sanctioned. The latest round of trade restrictions were placed on those who are believed to have helped evade existing US sanctions.

"Many of the individuals and entities designated today facilitated transactions or offered other services that helped OFAC-designated entities evade sanctions," an OFAC statement read. "These designations build upon OFAC's February 23, 2024 action to target companies servicing Russia's core financial infrastructure and curtail Russia's use of the international financial system to further its war against Ukraine." They follow the initial seven sanctions announced on Monday, all relating to Chinese nationals and members of Beijing's APT31 offensive cyber outfit.

Graphics

Canva Acquires Affinity To Fill the Adobe-Sized Holes In Its Design Suite (theverge.com) 31

Web-based design platform Canva has acquired the Affinity creative software suite for an undisclosed sum, though Bloomberg reports that it's valued at "several hundred million [British] pounds." The Verge reports that the acquisition helps the company "[position] itself as a challenger to Adobe's grip over the digital design industry." From the report: Canva announced the deal on Tuesday, which gives the company ownership over Affinity Designer, Photo, and Publisher -- three popular creative applications for Windows, Mac, and iPad that provide similar features to Adobe's Illustrator, Photoshop, and InDesign software, respectively. [T]he acquisition makes sense as the Australia-based company tries to attract more creative professionals. As of January this year, Canva's design platform attracted around 170 million monthly global users. That's a lot of people who probably aren't using equivalent Adobe software like Express, but unlike Adobe, Canva doesn't have its own design applications that target creative professionals like illustrators, photographers, and video editors.

Affinity apps are used by over three million global users according to Canva -- that's a fraction of Adobe's user base, but Affinity shouldn't be underestimated here. The decision to make its Affinity applications a one-time-purchase with no ongoing subscription fees has earned it a loyal fanbase, especially with creatives who are actively looking for alternatives to Adobe's subscription-based design ecosystem. In an interview with the Sydney Morning Herald, Canva co-founder Cameron Adams said that Affinity applications will remain separate from Canva's platform, but that some small integrations should be expected over time. "Our product teams have already started chatting and we have some immediate plans for lightweight integration, but we think the products themselves will always be separate," said Adams.

Windows

Microsoft Has a New Windows and Surface Chief (theverge.com) 16

Tom Warren reports via The Verge: Microsoft is naming Pavan Davuluri as its new Windows and Surface chief today. After Panos Panay's surprise departure to Amazon last year, Microsoft split up the Windows and Surface groups under two different leaders. Davuluri took over the Surface silicon and devices work, with Mikhail Parakhin leading a new team focused on Windows and web experiences. Now both Windows and Surface will be Davuluri's responsibility, as Parakhin has "decided to explore new roles."

The Verge has obtained an internal memo from Rajesh Jha, Microsoft's head of experiences and devices, outlining the new Windows organization. Microsoft is now bringing together its Windows and devices teams once more. "This will enable us to take a holistic approach to building silicon, systems, experiences, and devices that span Windows client and cloud for this AI era," explains Jha. Pavan Davuluri is now the leader of Microsoft's Windows and Surface team, reporting directly to Rajesh Jha. Davuluri has worked at Microsoft for more than 23 years and was deeply involved in the company's work with Qualcomm and AMD to create custom Surface processors.

Mikhail Parakhin will now report to Kevin Scott during a transition phase, but his future at Microsoft looks uncertain, and it's likely those "new roles" will be outside the company. Parakhin had been working closely on Bing Chat before taking on the broader Windows engineering responsibilities and changes to Microsoft Edge. The Windows shake-up comes just days after Google DeepMind co-founder and former Inflection AI CEO Mustafa Suleyman joined Microsoft as the CEO of a new AI team. Microsoft also hired a bunch of Inflection AI employees, including co-founder Karen Simonyan who is now the chief scientist of Microsoft AI.

Security

Chinese Spies Sell Access into Top US, UK Networks (theregister.com) 16

An anonymous reader shared this report from The Register: Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised U.S. defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.

The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating.

UNC5174 uses the online persona Uteus, and has bragged about its links to China's Ministry of State Security (MSS) — boasts that may well be true. The gang focuses on gaining initial access into victim organizations and then reselling access to valuable targets... Just last month, Mandiant noticed the same combination of tools, believed to be unique to this particular Chinese gang, being used to exploit the ConnectWise flaw and compromise "hundreds" of entities, mostly in the U.S. and Canada. Also between October 2023 and February 2024, UNC5174 exploited CVE-2023-22518 in Atlassian Confluence, CVE-2022-0185 in Linux kernels, and CVE-2022-3052, a Zyxel Firewall OS command injection vulnerability, according to Mandiant.

These campaigns included "extensive reconnaissance, web application fuzzing, and aggressive scanning for vulnerabilities on internet-facing systems belonging to prominent universities in the U.S., Oceania, and Hong Kong regions," the threat intel team noted.

More details from The Record. "One of the strangest things the researchers found was that UNC5174 would create backdoors into compromised systems and then patch the vulnerability they used to break in. Mandiant said it believes this was an 'attempt to limit subsequent exploitation of the system by additional unrelated threat actors attempting to access the appliance.'"

Privacy

Steve Wozniak Decries Tracking's Effect on Privacy, Calls Out 'Hypocrisy' of Only Banning TikTok (cnn.com) 137

In an interview Saturday, CNN first asked Steve Wozniak about Apple's "walled garden" approach — and whether there's any disconnect between Apple's stated interest in user security and privacy and its own self-interest.

Wozniak responded, "I think there are things you can say on all sides of it. I'm kind of glad for the protection that I have for my privacy and for, you know, not getting hacked as much. Apple does a better job than the others.

And tracking you — tracking you is questionable, but my gosh, look at what we're accusing TikTok of, and then go look at Facebook and Google... That's how they make their business! I mean, Facebook was a great idea. But then they make all their money just by tracking you and advertising.

And Apple doesn't really do that as much. I consider Apple the good guy.

So then CNN directly asked Wozniak's opinion about the proposed ban on TikTok in the U.S. "Well, one, I don't understand it. I don't see why. I mean, I get a lot of entertainment out of TikTok — and I avoid the social web. But I love to watch TikTok, even if it's just for rescuing dog videos and stuff.

And so I'm thinking, well, what are we saying? We're saying 'Oh, you might be tracked by the Chinese'. Well, they learned it from us.

I mean, look, if you have a principle — a person should not be tracked without them knowing it? It's kind of a privacy principle — I was a founder of the EFF. And if you have that principle, you apply it the same to every company, or every country. You don't say, 'Here's one case where we're going to outlaw an app, but we're not going to do it in these other cases.'

So I don't like the hypocrisy. And that's always obviously common from a political realm.

AI

'Humane' Demos New Features on Its Ai Pin - Which Starts Arriving April 11 (mashable.com) 27

Indian Express calls it "the ultimate smartphone killer". (Coming soon, its laser-on-your-palm feature will display stock prices, sports scores, and flight statuses.)

Humane's Ai Pin can even translate what you say, repeating it out loud in another language (with 50 different languages supported). And it can read you summaries of what's on your favorite web sites, so "You can just surf the web with your voice," according to a new video released this week.

The video also shows it answering specific questions like "What's that song by 21 Savage with the violin intro?" (And later, while the song is playing, answering more questions like "This was sampled from another song. What song was that?") But then co-founder Imran Chaudhri — an iPhone designer and one of several former Apple employees at Humane — demonstrated a "Vision" feature that's coming soon. Holding a Sony Walkman, he asks the Pin to "Look at this and tell me when it first came out" — and the Pin obliges. ("The Sony Walkman WM-F73 was released in 1986...") In another demo it correctly supplied the designer of an Air Jordan basketball shoe.

They're also working on integrating this into a Nutrition Tracking application. (A demonstrator held a doughnut and asked the Pin to identify how much sugar was in it.) If you tell the Pin that you've eaten the doughnut, it can then calculate your intake of carbs, protein, and fats.

And in the video the Pin responded within seconds to the command "Make a spreadsheet about top consumer tech reviewers on YouTube [with] real names, subscriber counts, and URLs." It performed the research and created the spreadsheet, which appears on the demonstrator's laptop, apparently logged in to Humane's cloud-based user platform.

In the video Humane's co-founder stresses that its Ai Pin does all this without downloading applications, "which allows me to stay present in the moment and flow." But while it can also make phone calls and send text messages, Imran Chaudhri adds that "Ai Pin is a completely new form factor for compute. It's never been about replacing. It's always been about creating new ways to interact with what you need. So instead of having to sit down to use a computer, or reaching into your pocket and pulling out your phone and navigating apps, Ai Pin allows you to simply act on something the moment you think about it — letting AI do all the work for you."

Or, as they say later, "This is about technology adapting and reacting to you. Not you having to adapt to it."

There's also talk about their "AI OS" — named Cosmos — with the Pin described as "our first entry point" into that operating system, with other devices planned to support it in the future. (Mashable's reporter notes that Humane's Ai Pin is backed by OpenAI CEO Sam Altman, and writes "I was impressed with how well it worked.") The video even ends with an update for SDK developers. In the second half of 2024, "you're going to be able to connect your services to the Ai Pin using REST APIs and OAuth." Phase two will let developers run their code directly on Humane's cloud platform — while Phase three will see developers' code running on Ai Pin devices, "to get access to the mic, the camera, the sensors, and the laser. We are so excited to see what you're gonna build."

Humane says its Ai Pin will start shipping at the end of March, with priority orders arriving starting on April 11th.

Mozilla

Mozilla Drops Onerep After CEO Admits To Running People-Search Networks (krebsonsecurity.com) 9

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or passwords are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

Technology

Vernor Vinge, Father of the Tech Singularity, Has Died At Age 79 (arstechnica.com) 67

"Vernor Vinge, who three times won the Hugo for best novel, has died," writes Slashdot reader Felix Baum. Ars Technica reports: On Wednesday, author David Brin announced that Vernor Vinge, sci-fi author, former professor, and father of the technological singularity concept, died from Parkinson's disease at age 79 on March 20, 2024, in La Jolla, California. The announcement came in a Facebook tribute where Brin wrote about Vinge's deep love for science and writing. "A titan in the literary genre that explores a limitless range of potential destinies, Vernor enthralled millions with tales of plausible tomorrows, made all the more vivid by his polymath masteries of language, drama, characters, and the implications of science," wrote Brin in his post.

As a sci-fi author, Vinge won Hugo Awards for his novels A Fire Upon the Deep (1993), A Deepness in the Sky (2000), and Rainbows End (2007). He also won Hugos for novellas Fast Times at Fairmont High (2002) and The Cookie Monster (2004). As Mike Glyer's File 770 blog notes, Vinge's novella True Names (1981) is frequently cited as the first presentation of an in-depth look at the concept of "cyberspace." Vinge first coined the term "singularity" as related to technology in 1983, borrowed from the concept of a singularity in spacetime in physics.

When discussing the creation of intelligences far greater than our own in a 1983 op-ed in OMNI magazine, Vinge wrote, "When this happens, human history will have reached a kind of singularity, an intellectual transition as impenetrable as the knotted space-time at the center of a black hole, and the world will pass far beyond our understanding." In 1993, he expanded on the idea in an essay titled The Coming Technological Singularity: How to Survive in the Post-Human Era.

The Internet

Modern Web Bloat Means Some Pages Load 21MB of Data (tomshardware.com) 110

Christopher Harper reports via Tom's Hardware: Earlier this month, Danluu.com released an exhaustive 23-page analysis/op-ed/manifesto on the current status of unoptimized web pages and web app performance, finding that just loading a web page can even bog down an entry-level device that can run the popular game PUBG at 40 fps. In fact, the Wix webpage requires loading 21MB of data for one page, while the more famous websites Patreon and Threads load 13MB of data for one page. This can result in slow load times that reach up to 33 seconds or, in some cases, result in the page failing to load at all.

As the testing above shows, some of the most brutally intensive websites include the likes of... Quora, and basically every major social media platform. Newer content production platforms like Squarespace and newer Forum platforms like Discourse also have significantly worse performance than their older counterparts, often to the point of unusability on some devices. The Tecno S8C, one of the prominent entry-level phones common in emerging markets, is one particularly compelling test device that stuck. The device is actually quite impressive in some ways, including its ability to run PlayerUnknown's Battlegrounds Mobile at 40 FPS -- but the same device can't even run Quora and experiences nigh-unusable lag when scrolling on social media sites.

That example is most likely the best summation of the overall point, which is that modern web and app design is increasingly trending toward an unrealistic assumption of ever-increasing bandwidth and processing. Quora is a website where people answer questions -- there is absolutely no reason any of these websites should be harder to run than a Battle Royale game.
