Government

FCC Plays Whack-a-Mole With Telcos Accused of Profiting From Robocalls (arstechnica.com) 58

An anonymous reader quotes a report from Ars Technica: A suspicious phone company is on the verge of having all its calls blocked by US-based telcos after being accused of ignoring orders to investigate and block robocalls. One Owl Telecom is a US-based gateway provider that routes phone calls from outside the U.S. to consumer phone companies such as Verizon. "Robocalls on One Owl's network apparently bombarded consumers without their consent with prerecorded messages about fictitious orders," the Federal Communications Commission said yesterday.

On August 1, the FCC sent One Owl a Notification of Suspected Illegal Robocall Traffic (PDF) ordering it to investigate robocall traffic identified by USTelecom's Industry Traceback Group, block all of the identified traffic within 14 days, and "continue to block the identified gateway traffic as well as substantially similar traffic on an ongoing basis." One Owl apparently hasn't taken any of the required steps, the FCC said yesterday. "One Owl never responded, and the [FCC Enforcement] Bureau is not aware of any measures One Owl has taken to comply with the Notice," an FCC order said.

Blocking robocall traffic from companies like One Owl is a bit like playing whack-a-mole. The FCC said it previously took enforcement actions "against two other entities to whom One Owl is closely related: Illum Telecommunication Limited and One Eye LLC. While operating under different corporate names, these entities have shared personnel, IP addresses, customers, and a penchant for disregarding FCC rules." If One Owl doesn't provide an adequate response within 14 days, all phone companies receiving calls from it "will then be required to block and cease accepting all traffic received from One Owl beginning 30 days after release of the Final Determination Order," the FCC said. "One Owl faces a simple choice -- comply or lose access to U.S. communications networks," FCC Enforcement Bureau Chief Loyaan Egal said in a press release.

AI

Schneider Electric Warns That Existing Datacenters Aren't Buff Enough For AI (theregister.com) 55

The infrastructure behind popular AI workloads is so demanding that Schneider Electric has suggested it may be time to reevaluate the way we build datacenters. The Register reports: In a recent white paper [PDF], the French multinational broke down several of the factors that make accommodating AI workloads so challenging and offered its guidance for how future datacenters could be optimized for them. The bad news is some of the recommendations may not make sense for existing facilities. The problem boils down to the fact that AI workloads often require low-latency, high-bandwidth networking to operate efficiently, which forces densification of racks, and ultimately puts pressure on existing datacenters' power delivery and thermal management systems.

Today it's not uncommon for GPUs to consume upwards of 700W and servers to exceed 10kW. Hundreds of these systems may be required to train a large language model in a reasonable timescale. According to Schneider, this is already at odds with what most datacenters can manage at 10-20kW per rack. This problem is exacerbated by the fact that training workloads benefit heavily from maximizing the number of systems per rack as it reduces network latency and costs associated with optics. In other words, spreading the systems out can reduce the load on each rack, but if doing so requires using slower optics, bottlenecks can be introduced that negatively affect cluster performance.

The situation isn't nearly as dire for inferencing -- the act of putting trained models to work generating text, images, or analyzing mountains of unstructured data -- as fewer AI accelerators per task are required compared to training. Then how do you safely and reliably deliver adequate power to these dense 20-plus kilowatt racks and how do you efficiently reject the heat generated in the process? "These challenges are not insurmountable but operators should proceed with a full understanding of the requirements, not only with respect to IT, but to physical infrastructure, especially existing datacenter facilities," the report's authors write. The whitepaper highlights several changes to datacenter power, cooling, rack configuration, and software management that operators can implement to mitigate the demands of widespread AI adoption.

Google

Google Wants To Map More of the World's Roads With Expansion of 'Road Mapper' Volunteer Community (techcrunch.com) 27

Google announced today that it is opening access to more contributors to participate in Road Mapper, a tool where you can add missing roads to Google Maps in areas of the world that need it most. TechCrunch reports: Road Mapper is an invite-only platform where people participate in challenges, drawing roads located in areas with a large population, yet have a significant amount of road network missing from Google Maps. Users draw road geometry using satellite images. The drawings then go through a review process and, if accepted, will be live on Google Maps in a few days. Those interested in joining Road Mapper can fill out Google's online form. Plus, top contributors that have mapped the most roads can now refer up to five contributors via the Road Mapper Referral form. Google's blog post notes that its contributors have mapped more than 1.5 million kilometers of roads, enabling more than 200 million people to navigate with Google Maps. That's pretty impressive considering Road Mapper only launched two years ago.

Security

Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor (arstechnica.com) 35

Researchers have discovered a never-before-seen backdoor for Linux that's being used by a threat actor linked to the Chinese government. From a report: The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

Other groups eventually used it, and its source code has been available on GitHub for more than six years. Trochilus has been seen being used in campaigns that used a separate piece of malware known as RedLeaves. In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021. By searching VirusTotal for the file name, libmonitor.so.2, the researchers located an executable Linux file named "mkmon." This executable contained credentials that could be used to decrypt the libmonitor.so.2 file and recover its original payload, leading the researchers to conclude that "mkmon" is an installation file that delivered and decrypted libmonitor.so.2.

The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation. The Trend Micro researchers eventually named their discovery SprySOCKS, with "spry" denoting its swift behavior and the added SOCKS component. SprySOCKS implements the usual backdoor capabilities, including collecting system information, opening an interactive remote shell for controlling compromised systems, listing network connections, and creating a proxy based on the SOCKS protocol for uploading files and other data between the compromised system and the attacker-controlled command server.

Transportation

European Governments Shrinking Railways in Favour of Road-Building, Report Finds (theguardian.com) 209

European governments have "systematically" shrunk their railways and starved them of funding while pouring money into expanding their road network, a report has found. The Guardian: The length of motorways in Europe grew 60% between 1995 and 2020 while railways shrank 6.5%, according to research from the German thinktanks Wuppertal Institute and T3 Transportation. For every $1 governments spent building railways, they spent $1.7 building roads. "This is a political choice," said Lorelei Limousin, a climate campaigner with Greenpeace, which commissioned the report. "We see the consequences today with the climate, but also with people who have been left without an alternative solution to cars."

The report found the EU, Norway, Switzerland and the UK spent $1.6tn between 1995 and 2018 to extend their roads -- but just $0.99tn to extend their rail networks. In the four years that followed (2018-21), the average gap in investment in rail and road decreased from 66% to 34%. During that time, seven countries invested more in rail than roads -- Austria, Belgium, Denmark, France, Italy, Luxembourg and the UK -- while the rest spent more on roads than rail.

Role Playing (Games)

It's the 40th Anniversary of 1983's 'Dungeons & Dragons' Cartoon (newsfromme.com) 66

71-year-old Mark Evanier is a legendary comic book/TV writer. Today he posted on his personal blog that "Forty years ago, I spent about six days (cumulative) of my life writing the pilot script and small-b bible for a Saturday morning cartoon series called Dungeons & Dragons...

"I feel like I have now spent more than six days (cumulative) being interviewed about this series." It went on CBS on September 17, 1983 and lasted three seasons. Do not believe those who claim it was driven from the airwaves by pressure groups who saw satanic subtext in the series. It went off for the same reason most shows go off: Because the ratings were declining and — rightly or wrongly — the brass at the network didn't think it would have enough viewers to sustain another season. Yes, there were protests about its content but not many and CBS, at least in those days, was pretty good about ignoring such outcries if — and this is always a Big If — the viewers seem to want whatever is being outcried about.
From Wikipedia: The level of violence was controversial for American children's television at the time, and the script of one episode, "The Dragon's Graveyard", was almost canceled because the characters contemplated killing their nemesis, Venger. In 1985, the National Coalition on Television Violence demanded that the FTC run a warning during each broadcast stating that Dungeons & Dragons had been linked to real-life violent deaths.
The show ultimately ran for a total of 27 episodes. The blog post continues: It was a good show because of good writers, good producers, good artists, good voice talent, good everything...and I was mostly a spectator to all that goodness, having opted not to stick with it. Still, thanks to the gent who was my agent at the time, my name was seen for a micro-second in the credits each week so I get more kudos than I probably earned...

Quite recently, I sat for this video podcast with a fine interviewer and a major fan of the series, Heath Holland. It's almost an hour and we talked about some other things but it's mostly about Dungeons & Dragons...

The podcaster notes that the cartoon's six adventurers even made a cameo in 2022's live-action Dungeons & Dragons movie, Honor Among Thieves — and several other companies are still celebrating the cartoon. Hasbro recently released a line of action figures based on the cartoon, while IDW has released a comic book mini-series called Dungeons & Dragons: Saturday Morning Adventures.

In the series, six children are transported from an amusement park's Dungeons & Dragons ride into the game's realm, where a kindly Dungeon Master helps them battle various villains and monsters as they search for a way home. More lore about the series from Wikipedia: A final unproduced episode would have served as both a conclusion to the story and as a re-imagining of the show, had it been picked up for a fourth season. However, it was canceled before the episode was made. The script has since been published online and was performed as an audio drama as a special feature for the BCI Eclipse DVD edition of the series... A fan-made animated version of the finale appeared online in 2020 [according to TheGamer.com].

Linux

KSMBD Finally Reaches 'Stable' State in Release Candidate for Linux Kernel 6.6 (theregister.com) 46

When Linus Torvalds announced Linux kernel 6.6's first release candidate, it included a newly-stable version of KSMBD, which is Samsung's in-kernel server for the SMB protocol (for sharing files/folders/printers over a network).

An announcement in 2021 had said that "For many cases the current userspace server choices were suboptimal either due to memory footprint, performance or difficulty integrating well with advanced Linux features."

LWN noted at the time that Linux has been using "the user-space Samba solution since shortly after the beginning." In a sense, ksmbd is not meant to compete with Samba; indeed, it has been developed in cooperation with the Samba project. It is, however, meant to be a more performant and focused solution than Samba is; at this point, Samba includes a great deal of functionality beyond simple file serving. Ksmbd claims significant performance improvements on a wide range of benchmarks...One other reason — which tends to be spoken rather more quietly — is that a new implementation can be licensed under GPLv2, while Samba is GPLv3.
The Register notes that when Samba switched to GPL 3, "one result was that Apple dropped Samba from Mac OS X and replaced it with its own, in-house server called SMBX." And they also remember that a month after its debut in 2021, "Linux sysadmins got to enjoy KSMBD's first security exploit." What's changed now is that it has faced considerable security testing and as a result it is no longer marked as experimental. It's been developed with the assistance of the Samba team, which itself documents how to use it. It's compatible with existing Samba configuration files. As the team says, "It is not meant to replace the existing Samba fileserver 'smbd', but rather be an extension and will integrate with Samba in the future...."

KSMBD is also important in that placing such core server functionality right inside the kernel represents a significant potential attack surface for crackers... The new bcachefs file system will not be going into kernel 6.6, and its developer is not happy.

"It's taken some time to get KSMBD to a state that was considered stable," points out Linux magazine. That time has come, and KSMBD is planned for Linux kernel 6.6: But why is KSMBD important? First off, it promises considerable performance gains and better support for modern features such as Remote Direct Memory Access (RDMA)... KSMBD also adds enhanced security, considerably better performance for both single and multi-thread read/write, better stability, and higher compatibility. In the end, hopefully, this KSMBD will also mean easier share setups in Linux without having to jump through the same hoops one must with the traditional Samba setup.

Electronic Frontier Foundation

EFF Recognizes Signal, Library Freedom Project for Protecting Privacy (eff.org) 16

For over 30 years the EFF has presented awards recognizing those "advancing innovation and championing digital rights," according to its web site, celebrating "the accomplishments of people working toward a better future... both in the public eye and behind the scenes."

This year's ceremony — hosted by Cory Doctorow — didn't just recognize Sci-Hub's founder. The EFF also gave its award for "Communications Policy" to the Signal Foundation — and its "Information Democracy" award to the Library Freedom Project.

From the Electronic Frontier Foundation web site: Since 2013, with the release of the unified app and the game-changing Signal Protocol, Signal has set the bar for private digital communications. With its flagship product, Signal Messenger, Signal provides real communications privacy, offering easy-to-use technology that refuses the surveillance business model on which the tech industry is built. To ensure that the public doesn't have to take Signal's word for it, Signal publishes their code and documentation openly, and licenses their core privacy technology to allow others to add privacy to their own products. Signal is also a 501(c)(3) nonprofit, ensuring that investors and market pressure never provides an incentive to weaken privacy in the name of money and growth. This allows Signal to stand firm against growing international legislative pressure to weaken online privacy, making it clear that end-to-end encryption either works for everyone or is broken for everyone — there is no half measure.

The Library Freedom Project (LFP) is radically rethinking the library professional organization by creating a network of values-driven librarian-activists taking action together to build information democracy. LFP offers trainings, resources, and community building for librarians on issues of privacy, surveillance, intellectual freedom, labor rights, power, technology, and more — helping create safer, more private spaces for library patrons to feed their minds and express themselves. Their work is informed by a social justice, feminist, anti-racist approach, and they believe in the combined power of long-term collective organizing and short-term, immediate harm reduction.

China

Researchers Including Microsoft Spot Chinese Disinformation Campaign Using AI-Generated Photos (businesstimes.com.sg) 40

"Until now, China's influence campaigns have been focused on amplifying propaganda defending its policies on Taiwan and other subjects," reports the New York Times.

But a new piece co-authored by the newspaper's national security correspondent and its misinformation investigative reporter notes a new effort identified by researchers from Microsoft, the RAND Corporation, the University of Maryland, the intelligence company Recorded Future, and news-rating service NewsGuard. And that newly-discovered effort "suggests that Beijing is making more direct attempts to sow discord in the United States."

It began when, sensing an opportunity, "China's increasingly resourceful information warriors pounced" after high winds in Hawaii downed three power lines that sparked wildfires in Hawaii on August 8th... The disaster was not natural, they said in a flurry of false posts that spread across the internet, but was the result of a secret "weather weapon" being tested by the United States. To bolster the plausibility, the posts carried photographs that appeared to have been generated by artificial intelligence programs, making them among the first to use these new tools to bolster the aura of authenticity of a disinformation campaign... Recorded Future first reported that the Chinese government mounted a covert campaign to blame a "weather weapon" for the fires, identifying numerous posts in mid-August falsely claiming that MI6, the British foreign intelligence service, had revealed "the amazing truth behind the wildfire." Posts with the exact language appeared on social media sites across the internet, including Pinterest, Tumblr, Medium and Pixiv, a Japanese site used by artists. Other inauthentic accounts spread similar content, often accompanied with mislabeled videos, including one from a popular TikTok account, The Paranormal Chic, that showed a transformer explosion in Chile...

The Chinese campaign operated across many of the major social media platforms — and in many languages, suggesting it was aimed at reaching a global audience. Microsoft's Threat Analysis Center identified inauthentic posts in 31 languages, including French, German and Italian, but also in less prominent ones like Igbo, Odia and Guarani. The artificially generated images of the Hawaii wildfires identified by Microsoft's researchers appeared on multiple platforms, including a Reddit post in Dutch. "These specific A.I.-generated images appear to be exclusively used" by Chinese accounts used in this campaign, Microsoft said in a report. "They do not appear to be present elsewhere online."

The researchers "suggested that China was building a network of accounts that could be put to use in future information operations, including the next U.S. presidential election," according to the article. It adds that president Biden "has cut off China's access to the most advanced chips and the equipment made to produce them."

The article adds that the impact of China's misinformation campaign "is difficult to measure, though early indications suggest that few social media users engaged with the most outlandish of the conspiracy theories."

Google

How Google Authenticator Made One Company's Network Breach Much, Much Worse (arstechnica.com) 79

A security company is calling out a feature in Google's authenticator app that it says made a recent internal network breach much worse. ArsTechnica: Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. The breach gave the attackers responsible access to the accounts of 27 customers, all in the cryptocurrency industry. The attack started when a Retool employee clicked a link in a text message purporting to come from a member of the company's IT team. It warned that the employee would be unable to participate in the company's open enrollment for health care coverage until an account issue was fixed. The text arrived while Retool was in the process of moving its login platform to security company Okta.

Most of the targeted Retool employees took no action, but one logged in to the linked site and, based on the wording of the poorly written disclosure, presumably provided both a password and a temporary one-time password, or TOTP, from Google authenticator. Shortly afterward, the employee received a phone call from someone who claimed to be an IT team member and had familiarity with the "floor plan of the office, coworkers, and internal processes of our company." During the call, the employee provided an "additional multi-factor code." It was at this point, the disclosure contended, that a sync feature Google added to its authenticator in April magnified the severity of the breach because it allowed the attackers to compromise not just the employee's account but a host of other company accounts as well.

AI

GitHub Alienates Developers By Force Feeding Them AI Recommendations (theregister.com) 27

A week ago, GitHub fused its home page feed with algorithmic recommendations, infuriating more than a few users of the Microsoft-owned code-hosting giant. The Register reports: On Tuesday, GitHub responded to the hostile feedback by stating that some of the questioned behavior was actually due to bugs that have now been fixed, even as it doubled down on its decision to combine the previously separate "Following" and "For You" feeds. The "Following" feed included "activity by people you follow and from repositories you watch." It was the result of deliberate user choice: developers selected the code and contributors they were interested in. The "For You" feed included "activity and recommendations based on your GitHub network." It was the result of GitHub's social algorithm and user behavior data.

As of last week, GitHub combined the two to lighten the burden on its servers, or so the company claimed. "When we launched the latest version of your feed on September 6, 2023, we made changes to the underlying technology of the feed in order to improve overall platform performance," the biz explained in a post on Tuesday. "As a result, we removed the functionality for 'push events for repositories a user is subscribed to'. We don't take these changes lightly, but as our community continues to grow tremendously, we have to prioritize our availability, user experience, and performance."

Bram Borggreve, founder of Columbia-based dev shop BeeSoft Labs, offered one of the more polite objections to the unrequested feed change among the almost two hundred people who commented, not to mention those participating in adjacent discussion threads who asked for a reversal [...]. An engineer at an IT infrastructure management software developer, who wished to remain anonymous as he is not authorized to speak to the media, told The Register in an email, "GitHub tried this before, and their users said no. They are taking away a useful feature and replacing it with social media algorithm garbage. It's like they forgot that people use their platform to do actual work, and not just doom scroll issues, pull requests, and new JavaScript frameworks."
"We understand that many of you are upset with the recent changes to your feed," the company stated. "We should have done a better job communicating recent changes and how those decisions relate to our broader platform goals. Your continued feedback is invaluable as we evolve and continue to strive to provide a first-class developer experience that helps every developer be happier and more productive."

iPhone

More Countries Are Concerned About iPhone 12's Radiation Levels (reuters.com) 63

An anonymous reader quotes a report from Reuters: Belgium said on Thursday it would review potential health risks linked to Apple's iPhone 12, raising the prospect that more European countries might ban the model after France ordered a halt to sales due to breaches of radiation exposure limits. However, there seemed to be no immediate prospect of an EU-wide ban as the European Commission said it would wait for feedback from other EU countries before deciding on any action. European Union member states, which were notified by the French regulator on Wednesday, have three months to provide comments. Some, such as Italy, said they would take no steps for now.

Mathieu Michel, Belgium's state secretary for digitalization told Reuters that the Belgian regulator was looking into the matter after the French moves. "We immediately asked the IBPT (Belgian Institute for Postal Services and Telecommunications) for confirmation, or at least an analysis, and this is currently under way," he said. Michel also asked the regulator to review all Apple smartphones, and devices made by others, at a later stage. However, he stressed that European standards were extremely cautious and there were no immediate safety concerns. "So that's why today it's obviously a limit which is being crossed (according to the French regulator) and that's not acceptable, but in terms of health and safety, I don't think there's any reason to think that we're all going to turn into little green men."

The iPhone 12 had passed the radiation test conducted by the French agency in 2021. Germany's network regulator BNetzA reiterated that the work in France could act as a guide for Europe as a whole and that it would examine the issue for the German market if the process in France had progressed sufficiently. The Dutch digital watchdog also said it was looking into the matter and would ask the U.S. firm for an explanation, while stressing there was "no acute safety risk." Portugal's telecommunications regulator ANACOM said it was monitoring and analyzing developments in coordination with France, and expected one of the two likely outcomes: Apple correcting the situation or, failing that, Brussels telling EU member states "to adopt proportional measures." Britain, where the iPhone 12 met radiation safety standards when it was released, has not announced any plans in the wake of France's decision.

Education

Sweden Brings More Books and Handwriting Practice Back To Its Tech-Heavy Schools (apnews.com) 26

An anonymous reader quotes a report from the Associated Press: As young children went back to school across Sweden last month, many of their teachers were putting a new emphasis on printed books, quiet reading time and handwriting practice and devoting less time to tablets, independent online research and keyboarding skills. The return to more traditional ways of learning is a response to politicians and experts questioning whether the country's hyper-digitalized approach to education, including the introduction of tablets in nursery schools, had led to a decline in basic skills. Swedish Minister for Schools Lotta Edholm, who took office 11 months ago as part of a new center-right coalition government, was one of the biggest critics of the all-out embrace of technology. "Sweden's students need more textbooks," Edholm said in March. "Physical books are important for student learning."

The minister announced last month in a statement that the government wants to reverse the decision by the National Agency for Education to make digital devices mandatory in preschools. It plans to go further and to completely end digital learning for children under age 6, the ministry also told The Associated Press. [...] "There's clear scientific evidence that digital tools impair rather than enhance student learning," Sweden's Karolinska Institute said in a statement last month on the country's national digitalization strategy in education. "We believe the focus should return to acquiring knowledge through printed textbooks and teacher expertise, rather than acquiring knowledge primarily from freely available digital sources that have not been vetted for accuracy," said the institute, a highly respected medical school focused on research. To counter Sweden's decline in 4th grade reading performance, the Swedish government announced an investment worth 685 million kronor (60 million euros or $64.7 million) in book purchases for the country's schools this year. Another 500 million kronor will be spent annually in 2024 and 2025 to speed up the return of textbooks to schools.
"The Swedish government does have a valid point when saying that there is no evidence for technology improving learning, but I think that's because there is no straightforward evidence of what works with technology," said Neil Selwyn, a professor of education at Monash University in Melbourne, Australia. "Technology is just one part of a really complex network of factors in education."

The Almighty Buck

Credit Card Disputes Keep Rising at Visa as E-Commerce Booms (bloomberg.com) 115

Credit card disputes at Visa continued rising past their pandemic boom despite the proliferation of prevention software, as fraud grows alongside e-commerce and inflation. From a report: Disputes on Visa's network rose to more than 90 million in 2022, data provided by the payment company showed. More than 70 million disputes were filed in 2019, Visa said in a presentation, before rising 24% in 2020 during the pandemic and about 2% a year in 2021 and 2022.

Despite being easy for consumers to file, making it one of the most-common credit card frauds, disputes are an opaque part of the payments industry. Both Mastercard Inc. and American Express declined to provide disputes data. Visa and Mastercard both bought dispute prevention companies in 2019, Verifi and Ethoca, respectively, and regularly promote their offerings at conferences. Disputes can be costly and onerous for both credit card companies and merchants to process, while chargebacks, when a dispute results in a refund, cost merchants dearly -- about $2.40 for every dollar disputed, according to Visa's Verifi, or as high as $3.36 for every dollar, according to Mastercard's Ethoca.

Microsoft

Microsoft To Kill Off Third-Party Printer Drivers in Windows (theregister.com) 181

Microsoft has made it clear: it will ax third-party printer drivers in Windows. From a report: The death rattle will be lengthy, as the timeline for the end of servicing stretches into 2027 -- although Microsoft noted that the dates will be subject to change. There is, after all, always that important customer with a strange old printer lacking Mopria support.

Mopria is part of the Windows team's justification for removing support. Founded in 2013 by Canon, HP, Samsung and Xerox, the Mopria Alliance's mission is to provide universal standards for printing and scanning. Epson, Lexmark, Adobe and Microsoft have also joined the gang since then. Since Windows 10 21H2, Microsoft has baked Mopria support into the flagship operating system, with support for devices connected via the network or USB, thanks to the Microsoft IPP Class driver. Microsoft said: "This removes the need for print device manufacturers to provide their own installers, drivers, utilities, and so on."

The Almighty Buck

A $700 Million Bonanza for the Winners of Crypto's Collapse: Lawyers (msn.com) 121

An anonymous Slashdot reader shared this report from the New York Times: The collapse in cryptocurrency prices last year forced a procession of major firms into bankruptcy, triggering a government crackdown and erasing the savings of millions of inexperienced investors. But for a small group of corporate turnaround specialists, crypto's implosion has become a financial bonanza.

Lawyers, accountants, consultants, cryptocurrency analysts and other professionals have racked up more than $700 million in fees since last year from the bankruptcies of five major crypto firms, including the digital currency exchange FTX, according to a New York Times analysis of court records. That sum is likely to grow significantly as the cases unfold over the coming months. Large fees are common in corporate bankruptcies, which require complex and time-intensive legal work to untangle. But in the crypto world, the mounting fees have sparked widespread outrage because many of the people owed money are amateur traders who lost their personal savings, rather than corporations with the ability to weather a financial crisis. Every dollar in fees is deducted from the pool of funds that will be returned to creditors at the end of the bankruptcies.

The fees are "exorbitant and ridiculous," said Daniel Frishberg, a 19-year-old investor who lost about $3,000 when the crypto company Celsius Network filed for bankruptcy last year. "At every hearing, they have an army of people there, and most of them don't need to be there. You don't need 20 people taking notes."

Security

How a Breached Microsoft Engineer Account Compromised the Email Accounts of US Officials (yahoo.com) 38

An anonymous reader shared this report from Bloomberg: China-linked hackers breached the corporate account of a Microsoft engineer and are suspected of using that access to steal a valuable key that enabled the hack of senior U.S. officials' email accounts, the company said in a blog post. The hackers used the key to forge authentication tokens to access email accounts on Microsoft's cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon and State Department officials earlier this year.

The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft disclosed the breach in June, but it was still unclear at the time exactly how hackers were able to steal the key that allowed them to access the email accounts. Microsoft said the key had been improperly stored within a "crash dump," which is data stored after a computer or application unexpectedly crashes...

The incident has brought fresh scrutiny to Microsoft's cybersecurity practices.

Microsoft's blog post says they corrected two conditions which allowed this to occur. First, "a race condition allowed the key to be present in the crash dump," and second, "the key material's presence in the crash dump was not detected by our systems."

We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer's corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don't have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.

Television

It's the 50th Anniversary of 'Star Trek: the Animated Series' (bbc.com) 60

Star Trek: The Animated Series was a half-hour Saturday morning cartoon that premiered exactly one half century ago — yesterday. You can watch its opening credits sequence on YouTube — with its strange 1970s version of the theme song. CBS's YouTube channel also offers clips from various episodes.

Starting in 1973, it ran for two seasons — a total of just 22 episodes. But the BBC notes it kept Star Trek in people's minds after the original series had been cancelled in 1969: While The Original Series had struggled in the ratings during its initial run, the show thrived in syndication, and created the phenomenon of fan conventions (think Comic-con in the present day). Because of this, studios were interested in more Star Trek, but there was a problem: the sets had been scrapped, the costumes were gone, and it would have been cost-prohibitive to rebuild everything from scratch. NBC settled on a different approach: an animated series.

According to The Fifty-Year Mission by Mark Altman and Edward Gross (an oral history of Star Trek), Gene Roddenberry wasn't overly interested in an animated show in and of itself. However, he was willing to go along with it because he saw it as a stepping stone to another live-action show or a feature film. An animated show would energise fans, he thought, so he agreed on the condition that he would have full creative control of The Animated Series. After a fight, the network gave in. The full, regular cast returned, with the exception of Walter Koenig's Pavel Chekov, who was cut for budget reasons...

[I]t was very much conceived of as a continuation of The Original Series. Some of the episodes were direct sequels, such as More Tribbles, More Trouble, which is a continuation of the classic The Trouble with Tribbles, and featured the return of Cyrano Jones... [Another episode was a sequel to The City on the Edge of Forever.] Dorothy (DC) Fontana led a group of writers from the original show who mostly wrote for a traditional, adult Star Trek audience. That's why the show didn't catch on — while it was well-received by critics, it might have done better in prime time. The show won a Daytime Emmy for best children's series, but it was cancelled after two years because of low ratings. Roddenberry then moved on to work on another live-action series, called Phase II, which would eventually become Star Trek: The Motion Picture...

Whatever is decided regarding "the canon", The Animated Series sits firmly within Star Trek's guiding ethos: Gene Roddenberry's vision for a utopian future where humans coexist peacefully with aliens as part of a Federation, and there's no poverty or war.

The Internet

US Broadband Buildout Finds Cost to Connect Some Households as High as $53,000 (msn.com) 119

Internet service has long been slow for the Winnebago Tribe in the state of Nebraska, reports the Wall Street Journal. Now the U.S. government "plans to fix that by crisscrossing the reservation with fiber-optic cable — at an average cost of $53,000 for each household and workplace connected."

While that amount exceeds the assessed value of some of the 658 homes getting hookups — at a cost of $35.2 million — "the tribe is also starting an internet company to run the network, creating jobs and competing with an existing provider known for slow customer service." While most connections will cost far less, the expense to reach some remote communities has triggered concerns over the ultimate price tag for ensuring every rural home, business, school and workplace in America has the same internet that city dwellers enjoy... The U.S. has committed more than $60 billion for what the Biden administration calls the "Internet for All" program, the latest in a series of sometimes troubled efforts to bring high-speed internet to rural areas... Providing fiber-optic cable is the industry standard, but alternative options such as satellite service are cheaper, if less reliable. Congress has left it up to state and federal officials implementing the program to decide how much is too much in hard-to-reach areas...

Defenders of the broadband programs say a simple per-location cost doesn't capture their benefits. Once built, rural fiber lines can be used to upgrade cell service or to add more connections to nearby towns...

Some of the differences can be explained by the distinct geographic areas the programs are targeting. While the FCC program included some suburbs and excluded remote locations such as Alaska, the programs run by Commerce and USDA specifically targeted far-flung regions with difficult construction conditions. "These are some of the most challenging locations that there are to reach in America," said Andy Berke, administrator of the USDA's Rural Utilities Service. He cited one project in Alaska that involves a 793-mile undersea fiber cable to reach remote villages.

Movies

Is Rotten Tomatoes 'Erratic, Reductive, and Easily Hacked'? (vulture.com) 43

Rotten Tomatoes celebrated its 25th year of assigning scores to movies based on their aggregate review. Now Vulture writes that Rotten Tomatoes "can make or break" movies, "with implications for how films are perceived, released, marketed, and possibly even green-lit". But unfortunately, the site "is also erratic, reductive, and easily hacked."

Vulture tells the story of a movie-publicity company contacting "obscure, often self-published critics" to say the film's teams "feel like it would benefit from more input from different critics" — while making undisclosed payments of $50 or more. A critic asking if it's okay to pan the movie was informed that "super nice" critics move their bad reviews onto sites not included in Rotten Tomatoes scores.

Vulture says after bringing this to the site's attention, Rotten Tomatoes "delisted a number of the company's movies from its website and sent a warning to writers who reviewed them." But is there a larger problem? Filmmaker Paul Schrader even opines that "Audiences are dumber. Normal people don't go through reviews like they used to. Rotten Tomatoes is something the studios can game. So they do...." A third of U.S. adults say they check Rotten Tomatoes before going to the multiplex, and while movie ads used to tout the blurbage of Jeffrey Lyons and Peter Travers, now they're more likely to boast that a film has been "Certified Fresh...."

Another problem — and where the trickery often begins — is that Rotten Tomatoes scores are posted after a movie receives only a handful of reviews, sometimes as few as five, even if those reviews may be an unrepresentative sample. This is sort of like a cable-news network declaring an Election Night winner after a single county reports its results. But studios see it as a feature, since, with a little elbow grease, they can sometimes fool people into believing a movie is better than it is.

Here's how. When a studio is prepping the release of a new title, it will screen the film for critics in advance. It's a film publicist's job to organize these screenings and invite the writers they think will respond most positively. Then that publicist will set the movie's review embargo in part so that its initial Tomatometer score is as high as possible at the moment when it can have maximal benefits for word of mouth and early ticket sales... [I]n February, the Tomatometer score for Ant-Man and the Wasp: Quantumania debuted at 79 percent based on its first batch of reviews. Days later, after more critics had weighed in, its rating sank into the 40s. But the gambit may have worked. Quantumania had the best opening weekend of any movie in the Ant-Man series, at $106 million. In its second weekend, with its rottenness more firmly established, the film's grosses slid 69 percent, the steepest drop-off in Marvel history.

In studios' defense, Rotten Tomatoes' hastiness in computing its scores has made it practically necessary to cork one's bat. In a strategic blunder in May, Disney held the first screening of Indiana Jones and the Dial of Destiny at Cannes, the world's snootiest film festival, from which the first 12 reviews begot an initial score of 33 percent. "What they should've done," says Publicist No. 1, "was have simultaneous screenings in the States for critics who might've been more friendly." A month and a half later, Dial of Destiny bombed at the box office even though friendly critics eventually lifted its rating to 69 percent. "They had a low Rotten Tomatoes score just sitting out there for six weeks before release, and that was deadly," says a third publicist.
