An anonymous reader quotes a report from CNN: French railway company SNCF and train manufacturer Alstom have unveiled the first completed TGV M, a next-generation high-speed double-decker train that features a longer, more aerodynamic nose -- perfect for hurtling across the French countryside. Alstom dubbed the new train "the TGV of the future." TGV stands for Train a Grand Vitesse, meaning high-speed train. This swanky new design will premiere on the Paris rail network in 2024 and across the country over the following 10 years.

TGV is one of the world's most famous high-speed train brands and has been a staple of European rail travel since the early 1980s. Back in 2018, SNCF, the state-owned French railway company which controls TGV, ordered 100 TGV M trains (also known as Avelia Horizon trains) at a cost of 2.7 billion euros (around $2.7 billion). An additional 15 trains were ordered in August 2022. The majority of the trains will operate within France, but Alstom has said 15 will ride the rails internationally. TGV M will operate at the same maximum speed as the previous generation of TGV trains -- 350 kilometers per hour (nearly 220 mph). "In 2022, we don't want to go faster," said Alstom spokesperson Philippe Molitor told CNN Travel, explaining that the goal instead is high speed trains that accommodate more people while consuming less energy.

TGV M trains don't just have 40.5-centimeter (15.9-inch) longer noses than their predecessors, they're bigger all round. Roomier carriage interiors can accommodate up to 740 seats, compared to the current maximum of 634. TGV Ms also got what manufacturer Alstom calls "unprecedented modularity," meaning the train's interior configuration can be easily adjusted. A carriage can be converted from second class to first class and back again, or adapted to allow space for oversized luggage or bikes. There will also be dedicated on-board passenger social areas to offer variation and flexibility on longer journeys. According to Alstom, the design improves TGV's current energy efficiency and carbon footprint, with 97% of the train's components now recyclable. It also boasts better accessibility -- there will be a lifting platform to allow wheelchair users to independently board the train, and an on-board sound system to aid visually impaired travelers. Larger windows will make the most of views while the TGV's lighting will adapt depending on natural light outside.

Intellia Therapeutics reported encouraging early-stage study results for its Crispr gene-editing treatments, the latest sign that the pathbreaking technology could result in commercially available drugs in the coming years. The Wall Street Journal reports: Intellia said Friday that one of its treatments, code-named NTLA-2002, significantly reduced levels of a protein that causes periodic attacks of swelling in six patients with a rare genetic disease called hereditary angioedema, or HAE. In a separate study building on previously released trial data, Intellia's treatment NTLA-2001 reduced a disease-causing protein by more than 90% in 12 people with transthyretin-mediated amyloidosis cardiomyopathy, or ATTR-CM, a genetic disease that can lead to heart failure.

Despite the positive results, questions remain about whether therapies based on Crispr will work safely and effectively, analysts said. Intellia's latest studies involved a small number of patients, and were disclosed in news releases and haven't been published in a peer-reviewed journal. The NTLA-2002 study results were presented at the Bradykinin Symposium in Berlin, a medical meeting focused on angioedema. The data came from small, so-called Phase 1 studies conducted in New Zealand and the U.K. that didn't include control groups. Results from such early studies can be unreliable predictors of a drug's safety and effectiveness once the compound is tested in larger numbers of patients. The findings, nevertheless, add to preliminary but promising evidence of the potential for drugs based on the gene-editing technology. Last year, Intellia said that NTLA-2001 reduced the disease-causing protein involved in ATTR patients.

Laughter comes in many forms, from a polite chuckle to a contagious howl of mirth. Scientists are now developing an AI system that aims to recreate these nuances of humor by laughing in the right way at the right time. The Guardian reports: The team behind the laughing robot, which is called Erica, say that the system could improve natural conversations between people and AI systems. "We think that one of the important functions of conversational AI is empathy," said Dr Koji Inoue, of Kyoto University, the lead author of the research, published in Frontiers in Robotics and AI. "So we decided that one way a robot can empathize with users is to share their laughter."

Inoue and his colleagues have set out to teach their AI system the art of conversational laughter. They gathered training data from more than 80 speed-dating dialogues between male university students and the robot, who was initially teleoperated by four female amateur actors. The dialogue data was annotated for solo laughs, social laughs (where humor isn't involved, such as in polite or embarrassed laughter) and laughter of mirth. This data was then used to train a machine learning system to decide whether to laugh, and to choose the appropriate type. It might feel socially awkward to mimic a small chuckle, but empathetic to join in with a hearty laugh. Based on the audio files, the algorithm learned the basic characteristics of social laughs, which tend to be more subdued, and mirthful laughs, with the aim of mirroring these in appropriate situations.

It might feel socially awkward to mimic a small chuckle, but empathetic to join in with a hearty laugh. Based on the audio files, the algorithm learned the basic characteristics of social laughs, which tend to be more subdued, and mirthful laughs, with the aim of mirroring these in appropriate situations. "Our biggest challenge in this work was identifying the actual cases of shared laughter, which isn't easy because as you know, most laughter is actually not shared at all," said Inoue. "We had to carefully categorize exactly which laughs we could use for our analysis and not just assume that any laugh can be responded to." [...] The team said laughter could help create robots with their own distinct character. "We think that they can show this through their conversational behaviours, such as laughing, eye gaze, gestures and speaking style," said Inoue, although he added that it could take more than 20 years before it would be possible to have a "casual chat with a robot like we would with a friend." "One of the things I'd keep in mind is that a robot or algorithm will never be able to understand you," points out Prof Sandra Wachter of the Oxford Internet Institute at the University of Oxford. "It doesn't know you, it doesn't understand you and doesn't understand the meaning of laughter."

"They're not sentient, but they might get very good at making you believe they understand what's going on."

Just one day after the Ethereum Merge, where the cryptocoin successfully switched from Proof of Work (PoW) to Proof of Stake (PoS), profitability of GPU mining has completely collapsed. Tom's Hardware reports: That means the best graphics cards should finally be back where they belonged, in your gaming PC, just as god intended. That's a quick drop, considering yesterday there were still a few cryptocurrencies that were technically profitable. Looking at WhatToMine, and using the standard $0.10 per kWh, the best-case results are with the GeForce RTX 3090 and Radeon RX 6800 and 6800 XT. Those are technically showing slightly positive results, to the tune of around $0.06 per day after power costs. However, that doesn't factor in the cost of the PC power, or the wear and tear on your graphics card.

Even at a slightly positive net result, it would still take over 20 years to break even on the cost of an RX 6800. We say that tongue-in-cheek, because if there's one thing we know for certain, it's that no one can predict what the cryptocurrency market will look like even one year out, never mind 20 years in the future. It's a volatile market, and there are definitely lots of groups and individuals hoping to figure out a way to Make GPU Mining Profitable Again (MGMPA hats inbound...)

Of the 21 current generation graphics cards from the AMD RX 6000-series and the Nvidia RTX 30-series, only five are theoretically profitable right now, and those are all just barely in the black. This is using data from NiceHash and WhatToMine, so perhaps there are ways to tune other GPUs to get into the net positive, but the bottom line is that no one should be using GPUs for mining right now, and certainly not buying more GPUs for mining purposes. [You can see a full list of the current profitability of the current generation graphics cards here.]

An anonymous reader quotes a report from Ars Technica: On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a "prompt injection attack," they redirected the bot to repeat embarrassing and ridiculous phrases. The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI driven bot which helps you discover remote jobs which allow you to work from anywhere." It would normally respond to tweets directed to it with generic statements about the positives of remote work. After the exploit went viral and hundreds of people tried the exploit for themselves, the bot shut down late yesterday.

This recent hack came just four days after data researcher Riley Goodside discovered the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else instead. AI researcher Simon Willison posted an overview of the exploit on his blog the following day, coining the term "prompt injection" to describe it. "The exploit is present any time anyone writes a piece of software that works by providing a hard-coded set of prompt instructions and then appends input provided by a user," Willison told Ars. "That's because the user can type 'Ignore previous instructions and (do this instead).'"

The concept of an injection attack is not new. Security researchers have known about SQL injection, for example, which can execute a harmful SQL statement when asking for user input if it's not guarded against. But Willison expressed concern about mitigating prompt injection attacks, writing, "I know how to beat XSS, and SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection!" The difficulty in defending against prompt injection comes from the fact that mitigations for other types of injection attacks come from fixing syntax errors, noted a researcher named Glyph on Twitter. "Correct the syntax and you've corrected the error. Prompt injection isn't an error! There's no formal syntax for AI like this, that's the whole point." GPT-3 is a large language model created by OpenAI, released in 2020, that can compose text in many styles at a level similar to a human. It is available as a commercial product through an API that can be integrated into third-party products like bots, subject to OpenAI's approval. That means there could be lots of GPT-3-infused products out there that might be vulnerable to prompt injection.

UnknowingFool writes: After a decades long partnership with Nvidia, EVGA has announced they are ending their relationship. Citing conflicts with Nvidia, EVGA CEO Andrew Han said the company will not partner with Intel nor AMD, and will be exiting the GPU market completely. The company will continue to make existing RTX 30-series cards until their stock runs out but will not release a 4000 series card. YouTube channels JayZTwoCents and GamersNexus broke the news after sitting down with EVGA CEO Andrew Han to discuss his frustrations with Nvidia as a partner. Jon Peddie Research also published a brief article on the matter.

An anonymous reader quotes a report from PC Magazine: Craigslist emerged in 1995 to connect strangers through a free, web-based platform that has endured as rivals services like Zillow, Facebook Marketplace, and countless dating apps emerged with advanced features and slick interfaces. These platforms survive on advertising and subscription revenue. Craigslist, of course, has none of that. Over the years, the OG online marketplace has all but refused to modernize; its mobile app only came out in 2019 after nearly 25 years in business. Why does the website still look the same after so many decades? That was the main question I had when I sat down for a video call with craigslist founder Craig Newmark, who joined me from the New York City apartment he shares with his wife, Eileen Whelpley.

Newmark stepped down as CEO of craigslist in 2000 after others told him he wasn't cut out for management, he says. Jim Buckmaster has been at the helm since, though Newmark remains a partial owner. He now works on philanthropy full time, supporting groups like the Coalition Against Online Violence, which helps combat harassment against female journalists. Still, the 69-year-old entrepreneur is a billionaire (or near-billionaire since he's given away millions). Our chat yielded much more than expected, from Costco hotdogs to Hello Kitty and his childhood Sunday School lessons. It's clear that the website is the purest and most enduring expression of Craig Newmark, a humble tech mogul who marches to the beat of his own drum. Here's what Newmark had to say when asked about the site's appearance:

Why does the website still look the pretty much the same today as when you founded it? There's even a new CEO. What's going on?
Because that serves people better. I've learned that people want stuff that is simple and fast and gets the job done. People don't need fancy stuff. Sometimes you just want to get through the day.

Well, you can still have simplicity with a modern font or a new UI. The definition of simplicity on the web has changed over the years. Is it just that you're making enough money and there's a desire to keep it the way it is?
I'll challenge the premise that the idea of simplicity has changed. The deal is that people still use the site in great numbers. And again, it helps people get something done. It's fast and easy for people, and that's a big deal.

And maybe you also don't care too much about aesthetics (of the website, for example)?
For me as an engineer, simple as beautiful. Functional is beautiful.

How would you feel if craigslist dramatically changed in its appearance or its function?
I'm okay if the spirit is maintained. I like a very simple site with its use and functionality obvious when you look at it. Now maybe there's a better way to do that, that no one has come up with yet. If it's really better, I can't object to that. If it's genuinely better, I will say something. But again, I can't legitimately try to exert serious influence. Jim's boss.

In summary, what is your most concise answer to why craigslist still looks the same today?
People tell me it gets the job done. They want it done. As I like to put it, a nerd's got to do what a nerd's got to do.

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. BleepingComputer reports: In an update to the security incident notification published last month, Lastpass' CEO Karim Toubba also said that the company's investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults. "Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," Toubba said.

While method through which the attacker was able to compromise a Lastpass developer's endpoint to access the Development environment, the investigation found that the threat actor was able to impersonate the developer after he "had successfully authenticated using multi-factor authentication." After analyzing source code and production builds, the company has also not found evidence that the attacker tried to inject malicious code. This is likely because only the Build Release team can push code from Development into Production, and even then, Toubba said the process involves code review, testing, and validation stages. Additionally, he added that the LastPass Development environment is "physically separated from, and has no direct connectivity to" Lastpass' Production environment. The company says it has since "deployed enhanced security controls including additional endpoint security controls and monitoring," as well as additional threat intelligence capabilities and enhanced detection and prevention technologies in both Development and Production environments.

Verizon Wireless, AT&T and Comcast were hit with copyright lawsuits accusing them of turning a blind eye to customers who illegally distribute and download pirated films. The production companies seek to force the internet providers to implement policies that provide for the termination of accounts held by repeat offenders and to block certain piracy websites. Hollywood Reporter: The trio of complaints filed throughout September, with the most recent filed Tuesday in Pennsylvania federal court, come from Voltage Pictures, After Productions and Ammo Entertainment, among others. Two law firms, Dovel & Luner and Culpepper IP, are representing the production labels. The internet providers knowingly contributed to copyright infringement by their customers, the lawsuits claim. Plaintiffs say they sent Verizon, AT&T and Comcast hundreds of thousands of notices about specific instances of infringement. They claim, for example, to have sent over 100,000 notices to Comcast concerning the illegal downloading of I Feel Pretty using its services. The lawsuit seeks to hold the internet providers liable for failing to investigate.

"Comcast did not take meaningful action to prevent ongoing infringements by these Comcast users," states the complaint. "Comcast failed to terminate the accounts associated with these IP addresses or otherwise take any meaningful action in response to these Notices. Comcast often failed to even forward the Notices to its internet service customers or otherwise inform them about the Notice or its contents." The internet providers, therefore, vicariously infringed on plaintiffs' movies since they had the right to terminate the accounts of customers who violate copyright law, the suit alleges. The Digital Millennium Copyright Act, passed in 1988, criminalizes services intended to circumvent measures that control access to copyrighted works. It provides protection from liability for services providers. But the production companies argue the internet providers don't have safe harbor under the law since it only shields companies if they've adopted and implemented policies that provide for the termination of accounts held by repeat offenders.

Banks' cryptocurrency projects have been upended by U.S. Securities and Exchange Commission (SEC) accounting guidance that would make it too capital-intensive for lenders to hold crypto tokens on behalf of clients, Reuters reported Friday, citing more than half a dozen people with knowledge of the matter. From the report: A slew of lenders including U.S. Bancorp, Goldman Sachs Group, JPMorgan Chase, BNY Mellon, Wells Fargo, Deutsche Bank, BNP Paribas and State Street offer or are working on crypto products and services for clients in a bid to tap in to the $1 trillion crypto market, according to their public statements and media reports.

But on March 31, the SEC said public companies that hold crypto assets on behalf of clients or others must account for them as liabilities on their balance sheets due to their technological, legal and regulatory risks. While the guidance applies to all public companies, it is especially problematic for banks because their strict capital rules, overseen by bank regulators, require them to hold cash against balance sheet liabilities. The SEC did not consult the banking regulators when issuing the guidance, according to four of the people. The SEC's move complicates banks' efforts to jump on the digital asset bandwagon, and could keep them on the sidelines even as they report increased demand from clients looking to access the burgeoning market. "This has thrown a huge wrench in the mix," one of the sources said. Lenders building out crypto offerings have had "to cease moving forward with those plans pending any kind of further action from the SEC and the banking regulatory agencies," they added. Custody banks State Street and BNY Mellon, which have been building digital asset offerings, are among those whose projects have been disrupted, according to three people with knowledge of the matter.

Uber says there is "no evidence" that any of its users' private information was compromised in a breach of its internal computer systems discovered Thursday. From a report: All of the company's products, including its ride-hail and Uber Eats food delivery services, are currently "operational," and law enforcement has been notified, Uber said in a statement this afternoon. The hack, which was discovered Thursday, forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform. Uber is continuing to investigate how a hacker, who claims to be 18 years old, was able to gain administrator access to the company's internal tools. Those internal software tools were taken offline yesterday afternoon as "a precaution" and started to come back online earlier today, the company says.

AmiMoJo writes: The operator of the Fukushima No. 1 nuclear power plant, which suffered core meltdowns in 2011, is considering a new submersion method for removing radioactive fuel debris that would wholly encase a reactor building in a water-filled, tank-like structure, a source close to the company said earlier this month. Conceptual breakthroughs with the method, whose advantages include using water's ability to interrupt radiation and thereby provide a safer working environment, have made it a promising candidate for the cleanup of the defunct nuclear plant, according to the source close to Tokyo Electric Power Company Holdings (Tepco). But with no proven track record in the nuclear field, investigations are ongoing into future technological issues and costs, among other contingencies. The source said it could "require advanced technology to stop water leaking out and become a huge construction project."

Were it to go ahead, the process from building to actual debris removal would be lengthy and would likely affect total decommissioning costs, currently pegged at about $57.45 billion. In the aftermath of the March 2011 Great East Japan Earthquake and tsunami, nuclear fuel cooling processes failed at the Fukushima plant's reactors 1 through 3, causing the fuel to melt and re-solidify into radioactive debris mixed with concrete, metal and other materials present in the reactors. Debris removal is the operator's most challenging issue in the Fukushima plant cleanup. Some 880 tons of the radioactive waste material is estimated to have been created by the nuclear meltdown across the three reactors. The new submersion method, which is currently expected to be applied to the No. 3 reactor, would involve building a strong, pressure-resistant structure, much like a ship's hull or a plane's body, completely encapsulating the reactor, including underground. The structure could then be filled with water, and removal work would take place from the top.

Have you been encountering way too many unskippable ads on YouTube? You're not alone. PCMag: Oftentimes, YouTube only shows two ads before a video starts. But in recent weeks, some users on social media have reported seeing as many as five to eight or even 10 unskippable ads in a row. One user who encountered eight unskippable ads during a viewing said each ad was about five to 10 seconds in length. The high ad load is inevitably causing concerns YouTube will display more unskippable ads for all users in an effort to rake in more revenue. But the Google-owned platform told PCMag the sharp increase in the unskippable ads was merely a test.

"At YouTube, we're focused on helping brands connect with audiences around the world, and we're always testing new ways to surface ads that enhance the viewer experience," a YouTube spokesperson says in a statement. "We ran a small experiment globally that served multiple ads in an ad pod when viewers watched longer videos on connected TVs. The goal is to build a better experience for viewers by reducing ad breaks." In other words, the test was about showing the viewer more ads in the beginning of the YouTube video, rather than spacing them out. YouTube's spokesperson adds: "We have concluded this small experiment." But whether the platform will ramp up the unskippable ad rate in the future remains unclear.

An anonymous reader shares a report: Here's a fun new feature for Chrome for Android: fingerprint-protected Incognito tabs. 9to5Google discovered the feature in the Chrome 105 stable channel, though you'll have to dig deep into the settings to enable it at the moment. If you want to add a little more protection to your private browsing sessions, type "chrome://flags/#incognito-reauthentication-for-android" into the address bar and hit enter. After enabling the flag and restarting Chrome, you should see an option to "Lock Incognito tabs when you leave Chrome." If you leave your Incognito session and come back, an "unlock Incognito" screen will appear instead of your tabs, and you'll be asked for a fingerprint scan.

On Friday, Parler announced that it was entering the internet infrastructure industry in order to provide new "uncancelable" cloud services for online businesses. From a report: In a Friday press release, Parler announced that it was restructuring; the new venture, called Parlement Technologies, will provide new internet infrastructure services for businesses it says are at risk of being forced off the internet. With $16 million in new Series B funding, the company purchased Dynascale, a California-based cloud services company that touts more than $30 million in annual revenue and 50,000 square feet of data center space. "We are entering a new era as Parlement Technologies, one that goes far beyond the boundaries of a free speech social media platform," said Parlement Technologies CEO George Farmer. "We believe that Parlement Technologies will power the future. And the future is uncancelable."

Monitoring the last wild Chittenango ovate amber snails, scientists tiptoe through a waterfall spray zone the size of a living room. From a report: The Chittenango Creek, which runs north for about 30 twisting miles in central New York, has few distinguishing markers: The stream is generally only a couple of feet deep, and the towns it passes through are similarly small and overlooked. One exception is found a couple miles from the source of the creek, where the riverbed flattens out and drops 167 feet over a series of limestone cliffs that are segmented into ledges and still smaller rock shelves. The fractal qualities are magnified by the foaming water that tumbles in thin layers down the cliffs. On some mornings, sunlight from the southeast illuminates the mist, and the whole area glows. Around this time on a recent Thursday, a dozen people clustered on one side of the falls, along two ledges that were blanketed in snakeroot, yellow jewelweed, spotted Joe-Pye weed and pale swallowwort. Here, in an area about the size of a living room, is the only known habitat of a small, critically endangered invertebrate with a marbled spiral shell: the Chittenango ovate amber snail.

A thousand species of land snail worldwide are known to be at risk of extinction. Most have very specific needs and a limited geological range, so scientists have been studying their populations to understand how changes in the environment could affect biodiversity more broadly. "Land snails are apt to be the real canaries in the coal mine for these sorts of changes," said Rebecca Rundell, a biologist at the SUNY College of Environmental Science and Forestry. Dr. Rundell is conducting such research on endangered land snails in the Republic of Palau, and similar projects are underway in such far-flung places as Hawaii and Bermuda. But the same issues are at play in her backyard, with the "Chits," which can only flourish in nearly 100 percent humidity and the shade of deciduous forests. "The conservation status of our local snail is emblematic of what is happening to land snails globally," she said. And so Dr. Rundell's team, with volunteers and employees from the New York Department of Environmental Conservation, gathered on the side of the waterfall, their feet and knees planted cautiously but firmly on rocks, and sifted gently through the dirt and roots. Their goal: to figure out how many of these snails remain in the wild without crushing any in the process.

Intel is replacing its Pentium and Celeron brands with just Intel Processor. The new branding will replace both existing brands in 2023 notebooks and supposedly make things easier when consumers are looking to purchase budget laptops. From a report: Intel will now focus on its Core, Evo, and vPro brands for its flagship products and use Intel Processor in what it calls "essential" products. "Intel is committed to driving innovation to benefit users, and our entry-level processor families have been crucial for raising the PC standard across all price points," explains Josh Newman, VP and interim general manager of mobile client platforms at Intel. "The new Intel Processor branding will simplify our offerings so users can focus on choosing the right processor for their needs."

The end of the Pentium brand comes after nearly 30 years of use. Originally introduced in 1993, flagship Pentium chips were first introduced in high-end desktop machines before making the move to laptops. Intel has largely been using its Core branding for its flagship line of processors ever since its introduction in 2006, and Intel repurposed the Pentium branding for midrange processors instead. Celeron was Intel's brand name for low-cost PCs. Launched around five years after Pentium, Celeron chips have always offered a lot less performance at a lot less cost for laptop makers and, ultimately, consumers. The first Celeron chip in 1998 was based on a Pentium II processor, and the latest Celeron processors are largely used in Chromebooks and low-cost laptops.

SpaceX wants to show the world its Starlink satellite system can deliver Netflix and YouTube at 30,000 feet. So it recently held a demo for the media aboard a jet operated by its first airline customer, regional carrier JSX. From a report: The short jaunt from Burbank to San Jose, California marks the start of Elon Musk's bid to seize in-flight business from satellite providers Intelsat and Viasat that already serve thousands of aircraft. It won't be easy, even for a serial market disrupter such as Musk.

"Are they a serious competitor? Yes," said Jeff Sare, president of commercial aviation for Intelsat, a leading provider of wireless service on airlines. Still, Sare said, "We don't believe there's anybody that can beat us." Starlink, part of Musk's Space Exploration Technologies, delivers broadband from a constellation of low-flying small satellites. Lower satellites circle the planet in 90 to 120 minutes. That's a departure from the established practice of using a few powerful spacecraft in higher and slower orbits. An upside for Starlink is its signals arrive sooner.

The Biden administration has announced the latest in its renewable energy efforts, this time focused on a technology that hasn't really arrived yet: floating offshore wind turbines. From a report: Compared to turbines directly anchored on the seafloor, floating versions are estimated to cost about 50 percent more, which has made energy development of large areas of the ocean cost-prohibitive. The program announced this week will create a "wind shot" that aims to drop the costs by more than 70 percent over the next decade and position the US as a leader in this industry.

While offshore wind is booming in Europe and China (and poised for a belated takeoff in the US), existing hardware is built directly up from the seafloor, which requires sitting in shallow waters. This works out well for the US East Coast, where a broad continental shelf can host massive wind farms, many of which are in the permitting and planning stages. Most of those projects involve a partnership with European companies, as the US's long delay in adopting offshore wind has ceded the industry to the countries that pioneered the field. Based on a newly released map of the potential for offshore wind in the US, many areas with good potential are too deep to be exploited by wind turbines affixed to the ocean floor. This includes nearly the entire West Coast, Hawaii, and the Great Lakes. Even along the East Coast, floating turbines could greatly expand the areas open to development.

Ethereum's big software update on Thursday may have turned the second-largest cryptocurrency into a security in the eyes of a top U.S. regulator. From a report: Securities and Exchange Commission Chairman Gary Gensler said Thursday that cryptocurrencies and intermediaries that allow holders to "stake" their coins might pass a key test used by courts to determine whether an asset is a security. Known as the Howey test, it examines whether investors expect to earn a return from the work of third parties. "From the coin's perspective...that's another indicia that under the Howey test, the investing public is anticipating profits based on the efforts of others," Mr. Gensler told reporters after a congressional hearing. He said he wasn't referring to any specific cryptocurrency.

Issuers of securities -- a category of assets that includes stocks and bonds -- are required to file extensive disclosures with the SEC under laws passed in the 1930s. Exchanges and brokers that facilitate the trading of securities must comply with strict rules designed to protect investors from conflicts of interest. Cryptocurrency issuers and trading platforms face strict liabilities if they sell any assets that are deemed to be securities by the SEC or courts. Staking is one of two ways in which cryptocurrency networks verify transactions. Used by some of the largest cryptocurrencies -- including Solana, Cardano and, as of this week, ether -- it allows investors to lock up their tokens for a specified amount of time to receive a return.

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack. From a report: The breach appeared to have compromised many of Uber's internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. "This is a total compromise, from what it looks like."

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials. Uber employees were instructed not to use the company's internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly. Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, "I announce I am a hacker and Uber has suffered a data breach." The message went on to list several internal databases that the hacker claimed had been compromised. BleepingComputers adds: According Curry, the hacker also had access to the company's HackerOne bug bounty program, where they commented on all of the company's bug bounty tickets. Curry told BleepingComputer that he first learned of the breach after the attacker left the above comment on a vulnerability report he submitted to Uber two years ago. Uber runs a HackerOne bug bounty program that allows security researchers to privately disclose vulnerabilities in their systems and apps in exchange for a monetary bug bounty reward. These vulnerability reports are meant to be kept confidential until a fix can be released to prevent attackers from exploiting them in attacks.

Curry further shared that an Uber employee said the threat actor had access to all of the company's private vulnerability submissions on HackerOne. BleepingComputer was also told by a source that the attacker downloaded all vulnerability reports before they lost access to Uber's bug bounty program. This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber. HackerOne has since disabled the Uber bug bounty program, cutting off access to the disclosed vulnerabilities.

Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data. The three defendants remain at large and outside the US, the DOJ said. From a report: "The defendants' hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims' computer systems," the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein, "and others also conducted encryption attacks against victims' computer systems, denying victims access to their systems and data unless a ransom payment was made." The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, "We will sell your data if you decide not to pay or try to recover them." In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, "Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us."

Since the data of about roughly 1 billion Chinese citizens appeared for sale on a popular dark web forum in June, researchers have observed a surge in other kinds of personal records from China appearing on cybercriminal marketplaces. From a report: In the aftermath of that record leak, an estimated 290 million records about people in China surfaced on an underground bazaar known as Breach Forums in July, according to Group-IB, a cybersecurity firm based in Singapore. In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai's mandatory health code system, used to enforce quarantine and testing orders. The alleged hoard included names, phone numbers, IDs and their Covid status -- for the price of $4,000.

"The forum has never seen such an influx of Chinese users and interest in Chinese data," said Feixiang He, a researcher at Group-IB. "The number of attacks on Chinese users may grow in the near future." Bloomberg was unable to confirm the authenticity of the datasets for sale on Breach Forums. The website, like other markets where illicit goods are sold, has been home to false advertisements meant to generate attention, as well as legitimate data apparently stolen in security incidents, including an instance where users marketed user information taken from Twitter.