Technology

Archived version

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday.

The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.

"Investigators are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet," the publication was quoted as saying, citing people familiar with the matter.

The end goal of the attacks is to gain a persistent foothold within target networks, allowing the threat actors to harvest sensitive data or launch a damaging cyber attack.

archive.is link

a few interesting ideas in here, but also a few weird ideas and ideas i don't think are going to work at all. (also i'm not sure it's actually possible to build a "good" dating app.)

What sets the app apart from the rest of the dating app scene is that After requires users to share why they have unmatched a person before they are allowed to keep swiping. The idea behind the feature is to get rid of abrupt disconnections and confusion.

If two people match on After and start a conversation, but one person stops replying, they will be nudged to respond. If the person still doesn’t message the other user, the match expires. Before they can use the app’s features again, they need to choose a reason why they let the match expire.

Users can choose from a list of reasons to explain why they decided to stop responding. For instance, they can say distance was an issue or that the vibes didn’t match. After will then create a kind message and send it to the other person, and remind them that this isn’t a representation of who they are or their worth.

After will soon include opt-in mental health check-ins where you can reflect on your mood and feelings. And if the app thinks you have been using it too much, it will suggest that you take a break.

OONI Explorer is one of the largest open datasets on internet censorship around the world. We first launched this web platform back in 2016 with the goal of enabling researchers, journalists, and human rights defenders to investigate internet censorship based on empirical network measurement data that is contributed by OONI Probe users worldwide. Every day, we publish new measurements from around the world in real-time.

Today, OONI Explorer hosts more than 2 billion network measurements collected from 27 thousand distinct networks in 242 countries and territories since 2012. Out of all countries, OONI Probe users in Russia contribute the second largest volume of measurements (following the U.S, where OONI Probe users contribute the most measurements out of any country). This has enabled us to study various cases of internet censorship in Russia, such as the blocking of Tor, the blocking of independent news media websites, and how internet censorship in Russia changed amid the war in Ukraine.

I’m not sure where else best to post this, so please direct me if there is somewhere more appropriate.

I’m looking at getting cable again and still have a DOCSIS 3.0 modem. It looks like the biggest limiting factor is the speed but there are other mentions of “improved latecy and power comsumption.” If I’m not get a speed that exceeds 1Gbps, is the latency that much better for $160? I game a little online but hadnt noticed an issue in the past.

For that matter, is an AC wireless router is fine? The AX or Wifi 6 looked neat, but I’m just not sure the benfits are worth the cost. Any input is appreciated.

cross-posted from: https://feddit.org/post/3122226

Archived link

Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

[...]

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft.

[...]

Archived link

The Commerce Department said Monday it’s seeking a ban on the sale of connected and autonomous vehicles in the U.S. that are equipped with Chinese and Russian software and hardware with the stated goal of protecting national security and U.S. drivers.

[...]

The measure announced Monday is proactive but critical, the agency said, given that all the bells and whistles in cars like microphones, cameras, GPS tracking and Bluetooth technology could make Americans more vulnerable to bad actors and potentially expose personal information, from the home address of drivers, to where their children go to school.

In extreme situations, a foreign adversary could shut down or take simultaneous control of multiple vehicles operating in the United States, causing crashes and blocking roads, U.S. Secretary of Commerce Gina Raimondo told reporters on a call Sunday.

“This is not about trade or economic advantage,” Raimondo said. “This is a strictly national security action. The good news is right now, we don’t have many Chinese or Russian cars on our road.”

But Raimondo said Europe and other regions in the world where Chinese vehicles have become commonplace very quickly should serve as “a cautionary tale” for the U.S.

Security concerns around the extensive software-driven functions in Chinese vehicles have arisen in Europe, where Chinese electric cars have rapidly gained market share.

“Who controls these data flows and software updates is a far from trivial question, the answers to which encroach on matters of national security, cybersecurity, and individual privacy,” Janka Oertel, director of the Asia program at the European Council on Foreign Relations, wrote on the council’s website.

[...]

A senior administration official said that it is clear from terms of service contracts included with the technology that data from vehicles ends up in China.

Raimondo said that the U.S. won’t wait until its roads are populated with Chinese or Russian cars.

[...]

The proposed rule would prohibit the import and sale of vehicles with Russia and China-manufactured software and hardware that would allow the vehicle to communicate externally through Bluetooth, cellular, satellite or Wi-Fi modules. It would also prohibit the sale or import of software components made in Russia or the People’s Republic of China that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel. The ban would include vehicles made in the U.S. using Chinese and Russian technology.

[...]

The new rule follows steps taken earlier this month by the Biden administration to crack down on cheap products sold out of China, including electric vehicles, expanding a push to reduce U.S. dependence on Beijing and bolster homegrown industry.

cross-posted from: https://jlai.lu/post/10771035, https://jlai.lu/post/10771034

Personal review:

A good recap of his previous writings and talks on the subject for the first third, but a bit long. Having paid attention to them for the past year or two, my attention started drifting a few times. I ended up being more impressed with how much he's managed to condense explaining "enshittification" from 45+ minutes down to around 15.

As soon as he starts building off of that to work towards the core of his message for this talk, I was more-or-less glued to the screen. At first because it's not exactly clear where he's going, and there are (what felt like) many specific court rulings to keep up with. Thankfully, once he has laid enough groundwork he gets straight his point. I don't want to spoil or otherwise lessen the performance he gives, so I won't directly comment on what his point is in the body of this post - I think the comments are better suited for that anyways.

I found the rest to be pretty compelling. He rides the fine line between directionless discontent and overenthusiastic activist-with-a-plan as he doubles down on his narrative by calling back to the various bits of groundwork he laid before - now that we're "in" on the idea, what felt like stumbling around in the dark turns into an illuminating path through some of the specifics of the last twenty to forty years of the dynamics of power between tech bosses and their employees. The rousing call to action was also great way to end and wrap it all up.

I've become very biased towards Cory Doctorow's ideas, in part because they line up with a lot of the impressions I have from my few years working as a dev in a big-ish multinational tech company. This talk has done nothing to diminish that bias - on the contrary.

I'm sure everyone in this community is already familiar with the concept that this video is presenting, and might even already know all of the examples he gives. But I got a laugh out of it, and I love his presentation style.

cross-posted from: https://lemmy.world/post/20028344

Despite US dominance in so many different areas of technology, we're sadly somewhat of a backwater when it comes to car headlamps. It's been this way for many decades, a result of restrictive federal vehicle regulations that get updated rarely. The latest lights to try to work their way through red tape and onto the road are active-matrix LED lamps, which can shape their beams to avoid blinding oncoming drivers.

From the 1960s, Federal Motor Vehicle Safety Standards allowed for only sealed high- and low-beam headlamps, and as a result, automakers like Mercedes-Benz would sell cars with less capable lighting in North America than it offered to European customers.

A decade ago, this was still the case. In 2014, Audi tried unsuccessfully to bring its new laser high-beam technology to US roads. Developed in the racing crucible that is the 24 Hours of Le Mans, the laser lights illuminate much farther down the road than the high beams of the time, but in this case, the lighting tech had to satisfy both the National Highway Traffic Safety Administration and the Food and Drug Administration, which has regulatory oversight for any laser products.

The good news is that by 2019, laser high beams were finally an available option on US roads, albeit once the power got turned down to reduce their range.

NHTSA's opposition to advanced lighting tech is not entirely misplaced. Obviously, being able to see far down the road at night is a good thing for a driver. On the other hand, being dazzled or blinded by the bright headlights of an approaching driver is categorically not a good thing. Nor is losing your night vision to the glare of a car (it's always a pickup) behind you with too-bright lights that fill your mirrors.

This is where active-matrix LED high beams come in, which use clusters of controllable LED pixels. Think of it like a more advanced version of the "auto high beam" function found on many newer cars, which uses a car's forward-looking sensors to know when to dim the lights and when to leave the high beams on.

Here, sensor data is used much more granularly. Instead of turning off the entire high beam, the car only turns off individual pixels, so the roadway is still illuminated, but a car a few hundred feet up the road won't be.

Rather than design entirely new headlight clusters for the US, most OEMs' solution was to offer the hardware here but disable the beam-shaping function—easy to do when it's just software. But in 2022, NHTSA relented—nine years after Toyota first asked the regulator to reconsider its stance.

Hopper's famous 1982 lecture on "Future Possibilities: Data, Hardware, Software, and People," has long been publicly unavailable because of the obsolete media on which it was recorded. The National Archives and Records Administration (NARA) finally managed to retrieve the footage for the National Security Agency (NSA), which posted the lecture in two parts on YouTube.

$240 USD for an expensive piece of junk
sheeesh