An anonymous reader quotes a report from The Record: One of the nation's largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients. In an agreement announced on Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021. US Radiology used the company's firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York.

The vulnerability highlighted by the attorney general -- CVE-2021-20016 -- was used by ransomware gangs in several attacks. US Radiology was unable to install the firmware patch for the zero-day because its SonicWall hardware was at an end-of-life stage and was no longer supported. The company planned to replace the hardware in July 2021, but the project was delayed "due to competing priorities and resource restraints." The vulnerability was never addressed, and the company was attacked by an unnamed ransomware gang on December 8, 2021.

An investigation determined that the hacker was able to gain access to files that included the names, dates of birth, patient IDs, dates of service, provider names, types of radiology exams, diagnoses and/or health insurance ID numbers of 198,260 patients. The data exposed during the incident also included driver's license numbers, passport numbers, and Social Security numbers for 82,478 New Yorkers. [...] In addition to the $450,000 penalty, the company will have to upgrade its IT network, hire someone to manage its data security program, encrypt all sensitive patient information and develop a penetration testing program. The company will have to delete patient data "when there is no reasonable business purpose to retain it" and submit compliance reports to the state for two years. "When patients visit a medical facility, they deserve confidence in knowing that their personal information will not be compromised when they are receiving care," said Attorney General James. "US Radiology failed to protect New Yorkers' data and was vulnerable to attack because of outdated equipment. In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems."

A partnership between Qualcomm and Iridium to bring satellite connectivity to Android phones has fallen apart, almost a year after the deal was announced. From a report: In January, the two companies debuted the Snapdragon Satellite platform, a way to bring satellite-based SMS and emergency messaging to high-end smartphones. But on Thursday, Iridium said Qualcomm will cancel the partnership, effective Dec. 3. "The companies successfully developed and demonstrated the technology; however, notwithstanding this technical success, smartphone manufacturers have not included the technology in their devices," Iridium said in the announcement. "Due to this, on November 3, 2023, Qualcomm notified Iridium that it has elected to terminate the agreements."

Qualcomm didn't immediately respond to a request for comment. But the statement from Iridium suggests the Snapdragon Satellite platform suffered from technical issues, or perhaps failed to attract interest from smartphone vendors. Back in January, the companies also indicated that the Snapdragon Satellite platform would require supported phones to be manufactured with modems that could communicate with the Iridum network's L-Band radio frequencies.

Michael Kan reports via PCMag: Encrypted messaging service Signal is now testing usernames, which will offer people a more private way to share their contact details on the app. Signal kicked off the public test today through a new beta build available in its community forums. "After rounds of internal testing, we have hit the point where we think the community that powers these forums can help us test even further before public launch," says Signal VP of Engineering Jim O'Leary.

The development is a big deal since Signal -- an end-to-end encrypted messaging app -- has long required users to sign up with a phone number. That same number also needs to be shared in order to message other users on the app. This can be problematic since sharing your phone number exposes you to privacy and hacking risks. For example, a contact on Signal could choose to call and message your number over an unencrypted cellular network or pass off the number to someone else.

Long-time Slashdot reader RobHart writes: During the night, the entire Optus mobile network went down and remains down. This is the second largest mobile network in Australia and it is the first time a network has gone down nationwide. It is affecting the trains in Melbourne and any business across Australia that uses the Optus service for phones or data. "Optus is aware of an issue that may be impacting some of our mobile and internet customers," the company wrote in a statement. "We are currently working to identify the cause and apologize for any inconvenience. In case of an emergency customers can still call triple zero."

Authorities are checking whether the outage is the result of a cyberattack, although they don't believe it is.

In an attempt to boost broadband competition, Canada's telecom regulator is forcing large phone companies to open their fiber networks to competitors. Smaller companies will be allowed to buy network capacity and use it to offer competing broadband plans to consumers. From a report: Evidence received during a comment period "shows that competition in the Internet services market is declining," the Canadian Radio-television and Telecommunications Commission (CRTC) said in its announcement. The CRTC said the "decrease is most significant in Ontario and Quebec, where independent competitors now serve 47 percent fewer customers than they did just two years ago. At the same time, several competitors have been bought out by larger Internet providers. This has left many Canadians with fewer options for high-speed Internet services."

The CRTC hasn't made a final decision on fiber resale. But in the meantime, until a more permanent ruling is made, large telcos in Ontario and Quebec will be "required to provide competitors with access to their fibre-to-the-home networks within six months," the CRTC said. The six-month period is intended to give companies time to prepare their networks and develop information technology and billing systems, the agency said. "On a temporary and expedited basis, the CRTC is providing competitors with a workable way to sell Internet services using the fibre-to-the-home networks of large telephone companies in Ontario and Quebec, where competition has declined most significantly," the agency said. "The CRTC is also setting the interim rates that competitors will pay when selling services over these fibre-to-the-home networks. These rates were chosen to allow Canada's large Internet companies to continue investing in their networks to deliver high-quality services to Canadians."

An anonymous reader quotes a report from the New York Times: Later this month, delegations from around the world will head to a conference in Dubai to discuss international treaties involving radio frequencies, satellite coordination and other tricky technical issues. These include the nagging problem of the clocks. For 50 years, the international community has carefully and precariously balanced two different ways of keeping time. One method, based on Earth's rotation, is as old as human timekeeping itself, an ancient and common-sense reliance on the position of the sun and stars. The other, more precise method coaxes a steady, reliable frequency from the changing state of cesium atoms and provides essential regularity for the digital devices that dominate our lives.

The trouble is that the times on these clocks diverge. The astronomical time, called Universal Time, or UT1, has tended to fall a few clicks behind the atomic one, called International Atomic Time, or TAI. So every few years since 1972, the two times have been synced by the insertion of leap seconds — pausing the atomic clocks briefly to let the astronomic one catch up. This creates UTC, Universal Coordinated Time. But it's hard to forecast precisely when the leap second will be required, and this has created an intensifying headache for technology companies, countries and the world's timekeepers.

"Having to deal with leap seconds drives me crazy," said Judah Levine, head of the Network Synchronization Project in the Time and Frequency Division at the National Institute of Standards and Technology in Boulder, Colo., where he is a leading thinker on coordinating the world's clocks. He is constantly badgered for updates and better solutions, he said: "I get a bazillion emails." On the eve of the next international discussion, Dr. Levine has written a paper that proposes a new solution: the leap minute. The idea is to sync the clocks less frequently, perhaps every half-century, essentially letting atomic time diverge from cosmos-based time for 60 seconds or even a tad longer, and basically forgetting about it in the meantime. The proposal from Levine may face opposition from vested interests and strong opinions in the international community -- notably, the Russians and the Vatican. "The head of the IBWM (or BIPM in French) said in November 2022 that Russia opposed the dropping of leap seconds because it wanted to wait until 2040," reports Ars Technica. "The nation's satellite positioning system, GLONASS, was built with leap seconds in mind, and reworking the system would seemingly be taxing."

"There's also the Vatican, which has concerned itself with astronomy since at least the Gregorian Calendar, and may also oppose the removal of leap seconds. The Rev. Paul Gabor, astrophysicist and vice director of the Vatican Observatory Research Group in Tucson, Arizona, has been quoted and cited as opposing the deeper separation of human and planetary time. Keeping proper time, Gabor wrote his 2017 book The Science of Time, is 'one of the oldest missions of astronomy.'"

"In the current Leap Second Debate, there are rational arguments, focused on practical considerations, and there is a certain unspoken unease, emerging from the symbolic substrata of the issues involved," Gabor writes.

A top scientist has proposed a new way to reconcile the two different ways that our clocks keep time. Meet -- wait for it -- the leap minute. From a report: Later this month, delegations from around the world will head to a conference in Dubai to discuss international treaties involving radio frequencies, satellite coordination and other tricky technical issues. These include the nagging problem of the clocks. For 50 years, the international community has carefully and precariously balanced two different ways of keeping time. One method, based on Earth's rotation, is as old as human timekeeping itself, an ancient and common-sense reliance on the position of the sun and stars. The other, more precise method coaxes a steady, reliable frequency from the changing state of cesium atoms and provides essential regularity for the digital devices that dominate our lives.

The trouble is that the times on these clocks diverge. The astronomical time, called Universal Time, or UT1, has tended to fall a few clicks behind the atomic one, called International Atomic Time, or TAI. So every few years since 1972, the two times have been synced by the insertion of leap seconds -- pausing the atomic clocks briefly to let the astronomic one catch up. This creates UTC, Universal Coordinated Time. But it's hard to forecast precisely when the leap second will be required, and this has created an intensifying headache for technology companies, countries and the world's timekeepers.

"Having to deal with leap seconds drives me crazy," said Judah Levine, head of the Network Synchronization Project in the Time and Frequency Division at the National Institute of Standards and Technology in Boulder, Colo., where he is a leading thinker on coordinating the world's clocks. He is constantly badgered for updates and better solutions, he said: "I get a bazillion emails." On the eve of the next international discussion, Dr. Levine has written a paper that proposes a new solution: the leap minute. The idea is to sync the clocks less frequently, perhaps every half-century, essentially letting atomic time diverge from cosmos-based time for 60 seconds or even a tad longer, and basically forgetting about it in the meantime.

An anonymous reader quotes a report from TechCrunch: A relatively new venture founded by Navneet Dalal, an ex-Google research scientist, Matic, formerly known as Matician, is developing robots that can navigate homes to clean "more like a human," as Dalal puts it. Matic today revealed that it has raised $29.5 million, inclusive of a $24 million Series A led by a who's who of tech luminaries, including GitHub co-founder Nat Friedman, Stripe co-founders John and Patrick Collison, Quora CEO Adam D'Angelo and Twitter co-founder and Block CEO Jack Dorsey.

Dalal co-founded Matic in 2017 with Mehul Nariyawala, previously a lead product manager at Nest, where he oversaw Nest's security camera portfolio. [...] Early on, Matic focused on building robot vacuums -- but not because Dalal, who serves as the company's CEO, saw Matic competing with the iRobots and Ecovacs of the world. Rather, floor-cleaning robots provided a convenient means to thoroughly map indoor spaces, he and Nariyawala believed. "Robot vacuums became our initial focus due to their need to cover every inch of indoor surfaces, making them ideal for mapping," Dalal said. "Moreover, the floor-cleaning robot market was ripe for innovation." [...] "Matic was inspired by busy working parents who want to live in a tidy home, but don't want to spend their limited free time cleaning," Dalal said. "It's the first fully autonomous floor cleaning robot that continuously learns and adapts to users' cleaning preferences without ever compromising their privacy."

There are a lot of bold claims in that statement. But on the subject of privacy, Matic does indeed -- or at least claims to -- ensure data doesn't leave a customer's home. All processing happens on the robot (on hardware "equivalent to an iPhone 6," Dalal says), and mapping and telemetry data is saved locally, not in the cloud, unless users opt in to sharing. Matic doesn't even require an internet connection to get up and running -- only a smartphone paired over a local Wi-Fi network. The Matic vacuum understands an array of voice commands and gestures for fine-grained control. And -- unlike some robot vacuums in the market -- it can pick up cleaning tasks where it left off in the event that it's interrupted (say, by a wayward pet). Dalal says that Matic can also prioritize areas to clean depending on factors like the time of day and nearby rooms and furniture. Dalal insists that all this navigational lifting can be accomplished with cameras alone. "In order to run all the necessary algorithms, from 3D depth to semantics to ... controls and navigation, on the robot, we had to vertically integrate and hyper-optimize the entire codebase," Dalal said, "from the modifying kernel to building a first-of-its-kind iOS app with live 3D mapping. This enables us to deliver an affordable robot to our customers that solves a real problem with full autonomy."

The robot won't be cheap. It starts at $1,795 but will be available for a limited time at a discounted price of $1,495.

LinkedIn, the business-focused social network owned by Microsoft, on Wednesday said it now has more than 1 billion members and is adding more AI features for paying users. From a report: Crossing the billion-users mark puts LinkedIn -- where members maintain a resume-like profile of their education, work experience and professional skills -- in the top-tier of social media networks that include rivals such as Meta Platforms. About 80% of recent members are signing up from outside of the United States, the company has said.

LinkedIn has a free tier of membership but also offers subscriptions. Members of its $39.99-a-month tier will get new AI features that can tell a user, who may be plowing through dozens of job postings, whether they're a good candidate based on the information in their profile. The system can also recommend profile changes to make the user more competitive for a job.

An anonymous reader quotes a report from TechCrunch: After a weekend of almost complete internet blackout, connectivity in Gaza has been partially restored. On Friday, internet monitoring firms and experts reported that access to the internet had significantly degraded in the Palestinian enclave. The local internet service NetStream "collapsed," according to NetBlocks, a firm that tracks internet access across the world. At the same time, IODA, another internet monitoring system, showed outages and degradation across several Palestinian internet providers. The lack of internet communications caused emergency lines to stop ringing, made it hard for paramedics to locate the wounded, and for family members to reach relatives and friends, according to The New York Times.

On Sunday, IODA reported "marginal restoration" of internet connectivity in Gaza. Abdulmajeed Melhem, chief executive of the Palestinian main telecommunications company Paltel Group, told The Times that the internet had come back even though the company had not made any repairs. Then on Monday, Gaza had roughly the same access to internet connectivity as before Friday, according to several experts and firms that are monitoring the internet in the region, including Doug Madory, an expert who for years has focused on monitoring networks across the world. "There was the 34 hour complete blackout from Friday to Sunday -- a first for Gaza. Then there was last night's partial outage in northern Gaza," Madory, who is the director of internet analysis at Kentik, told TechCrunch on Monday. "The situation is still very precious: no power, little water. Service could potentially drop out again at any time." [...]

It's unclear what caused the internet outages in Gaza on Friday and what caused the improvements on Sunday and Monday. The Washington Post reported on Sunday that the U.S. government put pressure on the Israeli government to switch the internet back on in Gaza, citing an unnamed U.S. official. "We made it clear they had to be turned back on," the official said. "The communications are back on. They need to stay on," The Post quoted the official as saying. Also on Sunday, The Times reported that the U.S. government believed that the Israeli government was responsible for the near-blackout of the internet in Gaza.

Long-time Slashdot reader destinyland writes: In 1994 the TV show Friends premiered, and its first season's high ratings made it the 8th most-popular show. The next year Microsoft released Windows 95 — and filmed a promotional video for it with 25-year-old Matthew Perry and 26-year-old Jennifer Aniston.

"They'll be taking you on an adventure in computing that takes place in the office of Microsoft chairman Bill Gates," explains the video's narrator, adding "Along the way, they meet a wacky bunch of propellor-heads.... And are introduced the top 25 features of Windows 95!"

It's a journey back in time. (At one point the video refers to Windows as the operating system "with tens of millions of users.") Their 30-minute segment — billed as "the world's first cyber sitcom" — appears in an hour-long video introducing revolutionary features like the new "Start" button. Also demonstrated in Excel are the new minimize and maximize "features" in "the upper right-side of the window". And the two actors marvel at the ability to type a filename that was longer than eight characters...

Watch for reminders that The Microsoft Windows 95 Video Guide was filmed nearly three decades ago. When the desktop appears after waking from screensaver mode, Perry notes that there's "no messy DOS build-up." And later the video reminds viewers that Windows 95 is compatible "with DOS games like Flight Simulator." There's also a brand new feature called "Windows Explorer" (which is described as "File Manager on steroids"), as well as a new "Find" option, and a brand new icon named "My Computer". And near the end they pay a visit to the Microsoft Network — which was mostly a "walled garden" online service — described in the video as "your on-ramp to the information superhighway".

The video even explains how Windows 95 "uses the right mouse button for what Microsoft calls power users."

And by the end of it, Jennifer Anniston finds herself playing Space Cadet 3D pinball.

The Washington Post's editorial board looks at America's "net neutrality" debate.

But first they note that America's communications-regulating FCC has "limited authority to regulate unless broadband is considered a 'common carrier' under the Telecommunications Act of 1996." The FCC under President Barack Obama moved to reclassify broadband so it could regulate broadband companies; the FCC under President Donald Trump reversed the change. Dismayed advocates warned the world that, without the protections in place, the internet would break. You'll never guess what happened next: nothing. Or, at least, almost nothing. The internet did not break, and internet service providers for the most part did not block and they did not throttle.

All the same, today's FCC, under Chairwoman Jessica Rosenworcel, has just moved to re-reclassify broadband. The interesting part is that her strongest argument doesn't have much to do with net neutrality, but with some of the other benefits the country could see from having a federal watchdog keeping an eye on the broadband business... Broadband is an essential service... Yet there isn't a single government agency with sufficient authority to oversee this vital tool. Asserting federal authority over broadband would empower regulation of any blocking, throttling or anti-competitive paid traffic prioritization that they might engage in. But it could also help ensure the safety and security of U.S. networks.

The FCC has, on national security grounds, removed authorization for companies affiliated with adversary states, such as China's Huawei, from participating in U.S. telecommunications markets. The agency can do this for phone carriers. But it can't do it for broadband, because it isn't allowed to. Or consider public safety during a crisis. The FCC doesn't have the ability to access the data it needs to know when and where there are broadband outages — much less the ability to do anything about those outages if they are identified. Similarly, it can't impose requirements for network resiliency to help prevent those outages from occurring in the first place — during, say, a natural disaster or a cyberattack.

The agency has ample power to police the types of services that are becoming less relevant in American life, such as landline telephones, and little power to police those that are becoming more important every day.
The FCC acknowledges this power would also allow them to prohibit "throttling" of content. But the Post's editorial also makes the argument that here in 2023 that's "unlikely to have any major effect on the broadband industry in either direction... Substantial consequences have only become less likely as high-speed bandwidth has become less limited."

To explore America's "transition to a post-quantum world," the Washington Post interviewed U.S. federal official Nick Polk, who is focused on national security issues including quantum computing and is also a senior advisor to a White House federal chief information security officer): The Washington Post: The U.S. is in the early stages of a major shift focused on bolstering government network defenses, pushing federal agencies to adopt a new encryption standard known as post-quantum cryptography that aims to prevent systems from being vulnerable to advanced decryption techniques enabled by quantum computers in the near future...

Nick Polk: We've been using asymmetric encryption for a very long time now, and it's been ubiquitous since about 2014, when the U.S. government and some of the large tech companies decided that they're going to make it a default on most web browsers... Interestingly enough, regarding the post-quantum cryptographic standards being developed, the only thing that's quantum about them is that it has "quantum" in the name. It's really just a different type of math that's much more difficult for a quantum computer to be able to reverse-engineer. The National Institute of Standards and Technology is looking at different mathematical models to cover all their bases. The interesting thing is that these post-quantum standards are actually being used to protect classical computers that we have now, like laptops...

Given the breadth of the U.S. government and the amount of computing power we use, we really see ourselves and our role as a steward of the tech ecosystem. One of the things that came out of [this week's Inside Quantum Technology conference in New York City] was that we are very quickly moving along with the private sector to migrate to post-quantum cryptography. I think you're gonna see very shortly a lot of very sensitive private sector industries start to migrate or start to advertise that they're going to migrate. Banks are a perfect example. That means meeting with vendors regularly, and testing their algorithms to ensure that we can accurately and effectively implement them on federal systems...

The administration and national security memorandum set 2035 as our deadline as a government to migrate our [national security] systems to post-quantum cryptography. That's supposed to time with the development of operational quantum computers. We need to ensure that we start now, so that we don't end up not meeting the deadline before computers are operational... This is a prioritized migration for the U.S. government. We're going to start with our most critical systems — that includes what we call high-value assets, and high-impact systems. So for example, we're gonna prioritize systems that have personal health information.

That's our biggest emphasis — both when we talk to private industry and when we encourage agencies when they talk to their contractors and vendors — to really think about where your most sensitive data is and then prioritize those systems for migration.

PC Magazine reports: A powerful piece of malware has been disguising itself as a trivial cryptocurrency miner to help it evade detection for more than five years, according to antivirus provider Kaspersky. This so-called "StripedFly" malware has infected over 1 million Windows and Linux computers around the globe since 2016, Kaspersky says in a report released Thursday...

StripedFly incorporated a version of EternalBlue, the notorious NSA-developed exploit that was later leaked and used in the WannaCry ransomware attack to infect hundreds of thousands of Windows machines back in 2017. According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim's network, including to Linux machines. The malware can then harvest sensitive data from infected computers, such as login credentials and personal data. "Furthermore, the malware can capture screenshots on the victim's device without detection, gain significant control over the machine, and even record microphone input," the company's security researchers added.

To evade detection, the creators behind StripedFly settled on a novel method by adding a cryptocurrency mining module to prevent antivirus systems from discovering the malware's full capabilities.

A new study found that adult ADHD "may take a toll on the brain and is linked to a higher likelihood of developing dementia," reports the Washington Post: A study published in JAMA Network Open reported that being diagnosed with ADHD as an adult is associated with a 2.77-fold increased risk of dementia.

The study only showed an association and doesn't tell us whether ADHD is a direct cause of cognitive decline. But the results suggest that "if you do have attention-deficit disorder, you're going to have more trouble with normal brain aging," said Sandra Black, a cognitive neurologist at Sunnybrook Research Institute in Toronto who was not involved in the study. "It adds another risk factor...."

Notably, of the 730 participants with adult ADHD, 13.2 percent (96 participants) were diagnosed with dementia. In contrast, of the 108,388 participants without adult ADHD, just 7 percent (7,630 participants) developed dementia. Intriguingly, adults with ADHD who were taking a psychostimulant medication such as Ritalin or Adderall did not have an increased risk of developing dementia compared with those not taking medication. Only 22.3 percent of people with ADHD had taken a psychostimulant medication at any point.
The Post also notes the work of Sara Becker, a postdoctoral research associate at the University of Calgary. "In a 2023 systematic review, Becker and her colleagues identified only seven previous studies investigating the link between ADHD and neurodegenerative diseases such as dementia, most of which found that adult ADHD conferred a higher dementia risk."
The research highlights the importance of seeking care — and the need for more research. Treatment with psychostimulant medications may attenuate the risk, said Stephen Levine, a professor at the University of Haifa's School of Public Health in Israel and the lead author of the study. Lifestyle changes, such as better sleep and staying socially engaged, can also lower risk for dementia....

A 2020 landmark study by the Lancet Commission highlighted 12 modifiable factors for dementia that, if addressed, could mitigate the risk of dementia by up to 40 percent. Some of these factors are hearing loss, excessive alcohol intake and smoking.
Other lifestyle changes that lower your risk of demential include keeping up your physical activity, and eating a Mediterranean diet, the Post reports (citing cognitive neurologist Sandra Black).

An estimated 3 percent of adults have ADHD.

"For the last two decades, our social networking and social media platforms have been universes unto themselves," writes the Verge's editor-at-large: Each has its own social graph, charting who you follow and who follows you. Each has its own feed, its own algorithms, its own apps, and its own user interfaces (though they've all pretty much landed on the same aesthetics over time). Each also has its own publishing tools, its own character limits, its own image filters. Being online means constantly flitting between these places and their ever-shifting sets of rules and norms. Now, though, we may be at the beginning of a new era. Instead of a half-dozen platforms competing to own your entire life, apps like Mastodon, Bluesky, Pixelfed, Lemmy, and others are building a more interconnected social ecosystem.

If this ActivityPub-fueled change takes off, it will break every social network into a thousand pieces. All posts, of all types, will be separated from their platforms. We'll get new tools for creating those posts, new tools for reading them, new tools for organizing them, and new tools for moderating them and sharing them and remixing them and everything else besides.
He's talking about a decades-old concept called POSSE: Publish (on your) Own Site, Syndicate Everywhere. ("Sometimes the P is also 'Post,' and the E can be 'Elsewhere.' The idea is the same either way." The idea is that you, the poster, should post on a website that you own. Not an app that can go away and take all your posts with it, not a platform with ever-shifting rules and algorithms. Your website. But people who want to read or watch or listen to or look at your posts can do that almost anywhere because your content is syndicated to all those platforms... [Y]our blog becomes the hub for everything, your main home on the internet.
The article argues that for now, "the best we have are tools like Micro.blog, a six-year-old platform for cross-posters." But the article ultimately envisions a future with not just new posting tools, but also new reading tools "with different ideas about how to display and organize posts."

Abner Li reports via 9to5Google: Google today detailed its research into audioplethysmography (APG) that adds heart rate sensing capabilities to active noise canceling (ANC) headphones and earbuds "with a simple software upgrade." Google says the "ear canal [is] an ideal location for health sensing" given that the deep ear artery "forms an intricate network of smaller vessels that extensively permeate the auditory canal."

This audioplethysmography approach works by "sending a low intensity ultrasound probing signal through an ANC headphone's speakers. This signal triggers echoes, which are received via on-board feedback microphones. We observe that the tiny ear canal skin displacement and heartbeat vibrations modulate these ultrasound echoes." A model that Google created works to process that feedback into a heart rate reading, as well as heart rate variability (HRV) measurement. This technique works even with music playing and "bad earbuds seals." However, it was impacted by body motion, and Google countered with a multi-tone approach that serves as a calibration tool to "find the best frequency that measures heart rate, and use only the best frequency to get high-quality pulse waveform."

Google performed two sets of studies with 153 people that found APG "achieves consistently accurate heart rate (3.21% median error across participants in all activity scenarios) and heart rate variability (2.70% median error in inter-beat interval) measurements." Compared to existing HR sensors, it's not impacted by skin tones. Ear canal size and "sub-optimal seal conditions" also do not impact accuracy. Google believes this is a better approach than putting traditional photoplethysmograms (PPG) and electrocardiograms (ECG) sensors, as well as a microcontroller, in headphones/earbuds: "this sensor mounting paradigm inevitably adds cost, weight, power consumption, acoustic design complexity, and form factor challenges to hearables, constituting a strong barrier to its wide adoption."

According to a new study published in iScience, the way pigeons problem-solve matches artificial intelligence. The Guardian reports: In the study, 24 pigeons were given a variety of visual tasks, some of which they learned to categorize in a matter of days, and others in a matter of weeks. The researchers found evidence that the mechanism that pigeons used to make correct choices is similar to the method that AI models use to make the right predictions. "Pigeon behavior suggests that nature has created an algorithm that is highly effective in learning very challenging tasks," said Edward Wasserman, study co-author and professor of experimental psychology at the University of Iowa. "Not necessarily with the greatest speed, but with great consistency."

On a screen, pigeons were shown different stimuli, like lines of different width, placement and orientation, as well as sectioned and concentric rings. Each bird had to peck a button on the right or left to decide which category they belonged to. If they got it correct, they got food, in the form of a pellet; if they got it wrong, they got nothing. "Pigeons don't need a rule," said Brandon Turner, lead author of the study and professor of psychology at Ohio State University. Instead they learn through trial and error. For example, when they were given a visual, say "category A", anything that looked close to that they also classified as "category A", tapping into their ability to identify similarities.

Over the course of the experiments, pigeons improved their ability to make right choices from 55% to 95% of the time when it came to some of the simpler tasks. Presented with a more complex challenge, their accuracy went up from 55% to 68%. In an AI model, the main goal is to recognize patterns and make decisions. Pigeons, as research shows, can do the same. Learning from consequences, when not given a food pellet, pigeons have a remarkable ability to correct their errors. Similarity function is also at play for pigeons, by using their ability to find resemblance between two objects. "With just those two mechanisms alone, you can define a neural network or an artificial intelligent machine to basically solve these categorization problems," said Turner. "It stands to reason that the mechanisms that are present in the AI are also present in the pigeon."

Dan Goodin reports via Ars Technica: Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. [...]

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a "private Wi-Fi address" that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. "From the get-go, this feature was useless because of this bug," he said. "We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode."

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID. To the casual observer, the feature appeared to work as advertised. The "source" listed in the request was the private Wi-Fi address. Digging in a little further, however, it became clear that the real, permanent MAC was still broadcast to all other connected devices, just in a different field of the request. Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.

Google Fiber plans to upgrade some users to 20Gbps service by the end of the year. Ars Technica reports: Google's Wednesday blog post calls this part of a "GFiber Labs" experiment and says the service "will initially be available as an early access offering to a small group of GFiber customers in select areas." The 20Gbps service is made possible by new networking gear: Nokia's 25G PON (passive optical network) technology, which lets Internet service providers push more bandwidth over existing fiber lines. Google says it's "one of the first" ISPs to adopt the technology for consumers, though at least one other US ISP, the Tennessee provider "EPB," has rolled out the technology. Customers will need new networking gear, too, and Google says you'll get a new fiber modem with built-in Wi-Fi 7.

Fierce Telecom spoke with Google's Nick Saporito, head of product at Google Fiber, who said, "We definitely see a need" for 20Gbps service. For now, Saporito says the service is "a very early adopter product," but it will eventually roll out "in most, if not all, of our markets." According to that Fierce report, Fiber is built on Nokia's "Quillion" Fiber platform, which is upgradable, so Google only needed to "plug in a new optical module and replace the optical network terminal on the end-user side" to take its 5 and 8Gbps infrastructure to 20Gbps.

There's no word yet on the price or which utopian Google Fiber cities will get access to the 20Gbps service, but Google has already run trials in Kansas City, Missouri. Currently, Google Fiber costs $70 for 1Gbps and $150 for 8Gbps. Interested customers can sign up for early access at this link.