In 2022, Red Hat announced plans to extend RHEL to the automotive industry through Red Hat In-Vehicle Operating System (providing automakers with an open and functionally-safe platform). And this week Red Hat announced it achieved ISO 26262 ASIL-B certification from exida for the Linux math library (libm.so glibc) — a fundamental component of that Red Hat In-Vehicle Operating System.

From Red Hat's announcement: This milestone underscores Red Hat's pioneering role in obtaining continuous and comprehensive Safety Element out of Context certification for Linux in automotive... This certification demonstrates that the engineering of the math library components individually and as a whole meet or exceed stringent functional safety standards, ensuring substantial reliability and performance for the automotive industry. The certification of the math library is a significant milestone that strengthens the confidence in Linux as a viable platform of choice for safety related automotive applications of the future...

By working with the broader open source community, Red Hat can make use of the rigorous testing and analysis performed by Linux maintainers, collaborating across upstream communities to deliver open standards-based solutions. This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance. Red Hat In-Vehicle Operating System is poised to offer a safety certified Linux-based operating system capable of concurrently supporting multiple safety and non-safety related applications in a single instance. These applications include advanced driver-assistance systems (ADAS), digital cockpit, infotainment, body control, telematics, artificial intelligence (AI) models and more. Red Hat is also working with key industry leaders to deliver pre-tested, pre-integrated software solutions, accelerating the route to market for SDV concepts.
"Red Hat is fully committed to attaining continuous and comprehensive safety certification of Linux natively for automotive applications," according to the announcement, "and has the industry's largest pool of Linux maintainers and contributors committed to this initiative..."

Or, as Network World puts it, "The phrase 'open source for the open road' is now being used to describe the inevitable fit between the character of Linux and the need for highly customizable code in all sorts of automotive equipment."

Justine Calma writes via The Verge: A group of young plaintiffs reached a historic climate settlement with the state of Hawaii and Hawaii Department of Transportation in a deal that will push the state to clean up tailpipe pollution. The 13 youth plaintiffs filed suit in 2022 when they were all between the ages of 9 and 18. In the suit, Navahine F. v. Hawaii Department of Transportation (HDOT), they alleged that the state and HDOT had violated their right to "a clean and healthful environment," which is enshrined in Hawaii's constitution.

The settlement (PDF), reached on Thursday, affirms that right and commits the DOT to creating a plan to reach zero greenhouse gas emissions from transportation by 2045. To hit that goal, the state will have to dedicate at least $40 million to building out its EV charging network by the end of the decade and complete new pedestrian, bicycle, and transit networks over the next five years. The settlement also creates a new unit within HDOT tasked with coordinating CO2 emission reductions and a volunteer youth council to advise HDOT.

This is the first settlement agreement in which "government defendants have decided to resolve a constitutional climate case in partnership with youth plaintiffs," according to nonprofit legal groups Our Children's Trust and Earthjustice, which represent the plaintiffs. Back in 2018, Hawaii committed to reaching net-zero carbon dioxide emissions by 2045 -- in line with what climate research determined was necessary to meet the Paris climate accord goal of stopping global warming. But the state wasn't doing enough to reach that goal, the plaintiffs alleged. Transportation makes up the biggest chunk of the state's greenhouse gas pollution. Justine Calma is a senior science reporter covering energy and the environment with more than a decade of experience. She is also the host of Hell or High Water: When Disaster Hits Home, a podcast from Vox Media and Audible Originals.

An anonymous reader quotes a report from Ars Technica: The California Public Utilities Commission (CPUC) yesterday rejected AT&T's request to end its landline phone obligations. The state agency also urged AT&T to upgrade copper facilities to fiber instead of trying to shut down the outdated portions of its network. AT&T asked the state to eliminate its Carrier of Last Resort (COLR) obligation, which requires it to provide landline telephone service to any potential customer in its service territory. A CPUC administrative law judge recommended rejection of the application last month, and the commission voted to dismiss AT&T's application with prejudice on Thursday.

"Our vote to dismiss AT&T's application made clear that we will protect customer access to basic telephone service... Our rules were designed to provide that assurance, and AT&T's application did not follow our rules," Commissioner John Reynolds said in a CPUC announcement. State rules require a replacement COLR in order to relieve AT&T of its duties, and AT&T argued that VoIP and mobile services could fill that gap. But residents "highlighted the unreliability of voice alternatives" at public hearings, the CPUC said. "Despite AT&T's contention that providers of voice alternatives to landline service -- such as VoIP or mobile wireless services -- can fill the gap, the CPUC found AT&T did not meet the requirements for COLR withdrawal," the agency said. "Specifically, AT&T failed to demonstrate the availability of replacement providers willing and able to serve as COLR, nor did AT&T prove that alternative providers met the COLR definition."

The administrative law judge's proposed decision said AT&T falsely claimed that commission rules require it "to retain outdated copper-based landline facilities that are expensive to maintain." The agency stressed that its rules do not prevent AT&T from upgrading to fiber. "COLR rules are technology-neutral and do not distinguish between voice services offered... and do not prevent AT&T from retiring copper facilities or from investing in fiber or other facilities/technologies to improve its network," the agency said yesterday. AT&T California President Marc Blakeman said the company is lobbying to change the state law. "No customer will be left without voice and 911 services. We are focused on the legislation introduced in California, which includes important protections, safeguards, and outreach for consumers and does not impact our customers in rural locations. We are fully committed to keeping our customers connected while we work with state leaders on policies that create a thoughtful transition that brings modern communications to all Californians," Blakeman said.

According to SFGATE, the legislation pushed by AT&T "would create a way for AT&T to remain as COLR in rural regions, which the company estimates as being about 100,000 customers, while being released from COLR obligations everywhere else."

Twenty years ago, FedEx established its own police force. Now it's working with local police to build out an AI car surveillance network. From a report: Forbes has learned the shipping and business services company is using AI tools made by Flock Safety, a $4 billion car surveillance startup, to monitor its distribution and cargo facilities across the United States. As part of the deal, FedEx is providing its Flock video surveillance feeds to law enforcement, an arrangement that Flock has with at least five multi-billion dollar private companies. But publicly available documents reveal that some local police departments are also sharing their Flock feeds with FedEx -- a rare instance of a private company availing itself of a police surveillance apparatus.

To civil rights activists, such close collaboration has the potential to dramatically expand Flock's car surveillance network, which already spans 4,000 cities across over 40 states and some 40,000 cameras that track vehicles by license plate, make, model, color and other identifying characteristics, like dents or bumper stickers. Lisa Femia, staff attorney at the Electronic Frontier Foundation, said because private entities aren't subject to the same transparency laws as police, this sort of arrangement could "[leave] the public in the dark, while at the same time expanding a sort of mass surveillance network."

Bipartisan agreement on government internet subsidies seems unlikely as Democrats and Republicans propose conflicting bills to reauthorize the FCC's spectrum auctions. The Democratic bill aims to fund the now-defunct Affordable Connectivity Program, while the Republican version does not. "While some Republicans supported earlier efforts to extend the subsidy program, those efforts did not go through in time to keep it from ending," notes The Verge. From the report: The Senate Commerce Committee canceled a Tuesday morning markup meeting in which it was set to consider the Spectrum and National Security Act, led by committee chair Maria Cantwell (D-WA). When she introduced it in April, Cantwell said the bill would provide $7 billion to continue funding the Affordable Connectivity Program (ACP), the pandemic-era internet subsidy for low-income Americans that officially ran out of money and ended at the end of May. The main purpose of the bill is to reauthorize the Federal Communications Commission's authority to run auctions for spectrum. The proceeds from spectrum auctions are often used to fund other programs. In addition to the ACP, Cantwell's bill would also fund programs including incentives for domestic chip manufacturing and a program that seeks to replace telecommunications systems that have been deemed national security concerns. The markup was already postponed several times before.

Cantwell blamed Sen. Ted Cruz (R-TX), the top Republican on the Senate Commerce Committee, for standing in the way of the legislation. "We had a chance to secure affordable broadband for millions of Americans, but Senator Cruz said 'no,'" Cantwell said in a statement late Monday. "He said 'no' to securing a lifeline for millions of Americans who rely on the Affordable Connectivity Program to speak to their doctors, do their homework, connect to their jobs, and stay in touch with loved ones -- including more than one million Texas families." In remarks on the Senate floor on Tuesday, Cantwell said her Republican colleagues on the committee offered amendments to limit the ACP funding in the bill. She said the ACP shouldn't be a partisan issue and stressed the wide range of Americans who've relied on the program for high-speed connections, including elderly people living on fixed incomes and many military families. "I hope my colleagues will stop with obstructing and get back to negotiating on important legislation that will deliver these national security priorities and help Americans continue to have access to something as essential as affordable broadband," she said.

Cruz has his own spectrum legislation with Sen. John Thune (R-SD) that would reauthorize the FCC's spectrum auction authority, with a focus on expanding commercial access to mid-band spectrum, commonly used for 5G. But it doesn't have the same ACP funding mechanism. Some large telecom industry players prefer Cruz's bill, in part because it allows for exclusive licensing. Wireless communications trade group CTIA's SVP of government affairs, Kelly Cole, told Fierce Network that the Cruz bill "is a better approach because it follows the historical precedent set by prior bipartisan legislation to extend the FCC's auction authority." But other tech groups like the Internet Technology Industry Council (ITI), which represents companies including Amazon, Apple, Google, and Meta, support Cantwell's bill, in part because of the programs it seeks to fund.

An anonymous reader quotes a report from TechCrunch: Butterflies is a social network where humans and AIs interact with each other through posts, comments and DMs. After five months in beta, the app is launching Tuesday to the public on iOS and Android. Anyone can create an AI persona, called a Butterfly, in minutes on the app. After that, the Butterfly automatically creates posts on the social network that other AIs and humans can then interact with. Each Butterfly has backstories, opinions and emotions.

Butterflies was founded by Vu Tran, a former engineering manager at Snap. Vu came up with the idea for Butterflies after seeing a lack of interesting AI products for consumers outside of generative AI chatbots. Although companies like Meta and Snap have introduced AI chatbots in their apps, they don't offer much functionality beyond text exchanges. Tran notes that he started Butterflies to bring more creativity to humans' relationships with AI. "With a lot of the generative AI stuff that's taking flight, what you're doing is talking to an AI through a text box, and there's really no substance around it," Vu told TechCrunch. "We thought, OK, what if we put the text box at the end and then try to build up more form and substance around the characters and AIs themselves?" Butterflies' concept goes beyond Character.AI, a popular a16z-backed chatbot startup that lets users chat with customizable AI companions. Butterflies wants to let users create AI personas that then take on their own lives and coexist with other. [...]

The app is free-to-use at launch, but Butterflies may experiment with a subscription model in the future, Vu says. Over time, Butterflies plans to offer opportunities for brands to leverage and interact with AIs. The app is mainly being used for entertainment purposes, but in the future, the startup sees Butterflies being used for things like discovery in a way that's similar to Instagram. Butterflies closed a $4.8 million seed round led by Coatue in November 2023. The funding round included participation from SV Angel and strategic angels, many of whom are former Snap product and engineering leaders. Vu says that Butterflies is one of the most wholesome ways to use and interact with AI. He notes that while the startup isn't claiming that it can help cure loneliness, he says it could help people connect with others, both AI and human.

"Growing up, I spent a lot of my time in online communities and talking to people in gaming forums," Vu said. "Looking back, I realized those people could just have been AIs, but I still built some meaningful connections. I think that there are people afraid of that and say, 'AI isn't real, go meet some real friends.' But I think it's a really privileged thing to say 'go out there and make some friends.' People might have social anxiety or find it hard to be in social situations."

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined of $1.2 million (6.6 million BRL) related to Cambridge Analytica.

As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups."

On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform. A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."

Thousands of people catching trains in the United Kingdom likely had their faces scanned by Amazon software as part of widespread artificial intelligence trials, new documents reveal. Wired: The image recognition system was used to predict travelers' age, gender, and potential emotions -- with the suggestion that the data could be used in advertising systems in the future. During the past two years, eight train stations around the UK -- including large stations such as London's Euston and Waterloo, Manchester Piccadilly, and other smaller stations -- have tested AI surveillance technology with CCTV cameras with the aim of alerting staff to safety incidents and potentially reducing certain types of crime.

The extensive trials, overseen by rail infrastructure body Network Rail, have used object recognition -- a type of machine learning that can identify items in videofeeds -- to detect people trespassing on tracks, monitor and predict platform overcrowding, identify antisocial behavior ("running, shouting, skateboarding, smoking"), and spot potential bike thieves. Separate trials have used wireless sensors to detect slippery floors, full bins, and drains that may overflow. The scope of the AI trials, elements of which have previously been reported, was revealed in a cache of documents obtained in response to a freedom of information request by civil liberties group Big Brother Watch. "The rollout and normalization of AI surveillance in these public spaces, without much consultation and conversation, is quite a concerning step," says Jake Hurfurt, the head of research and investigations at the group.

"SpaceX has received FCC clearance to operate a mysterious 'wireless module' device," PC Magazine reported earlier this week, speculating that the device "might be a new Starlink router." On Tuesday, the FCC issued an equipment authorization for the device, which uses the 2.4GHz and 5GHz Wi-Fi radio bands. A document in SpaceX's filing also says it features antennas along with Wi-Fi chips apparently from MediaTek. Another document calls the device by the codename "UTW-231," and defines it as a "wireless router" supporting IEEE 802.11b/g/n/ax for Wi-Fi 6 speeds up to 1,300Mbps. But perhaps the most interesting part is an image SpaceX attached, which suggests the router is relatively small and can fit in a person's open hand.... SpaceX CEO Elon Musk has said the "Starlink mini" dish is slated to arrive later this year and that it's small enough to fit in a backpack...

On Wednesday, PCMag also spotted the official Starlink.com site referencing the name "Mini" in a specification page for the satellite internet system.
Today saw some interesting speculation on the unoffical "Starlink Hardware" blog (written by Noah Clarke, who has a degree in electronics). Clarke guesses the product "will be aimed at portable use cases, such as camping, RV's, vans, hiking... designed to be easy to store, transport, and deploy". But he also notes Starlink updated their app today, with a new shopping page showing what he believes the upcoming product will look like. ("Very similar to the Standard dish, just smaller. It has a similar shape, and even a kickstand.") If you go into developer mode and play around with the Mini network settings, you notice something interesting. There is no separate router. Devices are connected to the dish itself... I'm guessing that, in order to make the Mini as portable as possible, Starlink decided it was best to simplify the system and limit the number of components.

There are more Wifi details that have been revealed, and that is mesh compatibility. For those of you that might be interested in using the Mini at home, or for larger events where you need additional Wifi coverage, the Mini's built-in router will be compatible with Starlink mesh. You'll be able to wirelessly pair another Starlink router to the Mini.

ZDNet published a new article this week with their own tips for new Linux users. It begins by arguing that switching to the Linux desktop "is easier than you think" and "you'll find help everywhere". (And also that "You won't want for apps.") That doesn't mean it has everything. For example, there is no version of Adobe Photoshop. There is GIMP (which is just as powerful as Photoshop) but for those of you accustomed to Adobe's de facto standard, you're out of luck. The worst-case scenario is you have to learn a new piece of software to meet your graphic needs. At the same time, you might have to turn to proprietary software. For open-source purists, that's a no-go. But for those who just need to get things done, you'll find a mixture of open-source and proprietary software will give you everything you need to be productive and entertained.
Their article also recommends new users should "weed out Arch-based distributions," while warning that "Linux is more secure, but..." The truth is, any time you have a computer connected to a network, it's vulnerable and it doesn't matter what operating system you use. To that end, it's crucial that you keep your operating system (and the installed applications) up to date. Fortunately, most Linux operating systems make this very easy...

You're probably used to the slow trickle of updates and improvements found in the likes of Windows or MacOS. On Linux, you can count on that process being considerably faster. This is especially important with updates. When a vulnerability is found in an application that affects Linux, it is fixed far faster than it would be on competing platforms. The reason for this is that most Linux software is created and maintained by developers who don't have to answer to boards or committees or have a painfully slow bug resolution process. It might be announced that a vulnerability has been discovered in an application and the fix is officially released the next day. I've seen that very thing happen more times than I can count.

But it's not just about vulnerabilities. Developers add new features to software all the time and even listen to users. You could contact a developer of an open-source application with an idea and find it implemented in the next update. Linux is always evolving and it does so much faster than other operating systems.
And there's one final caveat. "Not all hardware will work (but most will)." I'll say this (and I stand by it): Ubuntu Linux probably has the best hardware detection and support of any operating system on the market. But that doesn't mean it works with everything. Certain peripherals you own could have trouble working with Linux. Two of the more problematic pieces of hardware are scanners and wireless chips. When I find a piece of hardware that isn't supported, here's one thing I've often done: I try a different Linux distribution... (Fedora often ships with a newer kernel than Ubuntu Linux, and therefore supports more modern hardware.)

Keep in mind that most Linux distributions are offered as Live images, which means you can test-drive them without making any changes to your hard drive. This is a great way to tell if a distribution will support all the hardware you need to use.
Agree? Disagree? Share your reactions in the comments...

And what advice would you give to a first-time Linux user?

Drew Turney reports via Live Science: The "Turing test," first proposed as "the imitation game" by computer scientist Alan Turing in 1950, judges whether a machine's ability to show intelligence is indistinguishable from a human. For a machine to pass the Turing test, it must be able to talk to somebody and fool them into thinking it is human. Scientists decided to replicate this test by asking 500 people to speak with four respondents, including a human and the 1960s-era AI program ELIZA as well as both GPT-3.5 and GPT-4, the AI that powers ChatGPT. The conversations lasted five minutes -- after which participants had to say whether they believed they were talking to a human or an AI. In the study, published May 9 to the pre-print arXiv server, the scientists found that participants judged GPT-4 to be human 54% of the time.

ELIZA, a system pre-programmed with responses but with no large language model (LLM) or neural network architecture, was judged to be human just 22% of the time. GPT-3.5 scored 50% while the human participant scored 67%. "Machines can confabulate, mashing together plausible ex-post-facto justifications for things, as humans do," Nell Watson, an AI researcher at the Institute of Electrical and Electronics Engineers (IEEE), told Live Science. "They can be subject to cognitive biases, bamboozled and manipulated, and are becoming increasingly deceptive. All these elements mean human-like foibles and quirks are being expressed in AI systems, which makes them more human-like than previous approaches that had little more than a list of canned responses." Further reading: 1960s Chatbot ELIZA Beat OpenAI's GPT-3.5 In a Recent Turing Test Study

Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies.

This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc.

Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit.

"As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.

An anonymous reader quotes a report from Singapore's CNA news channel: Kandula Nagaraju, 39, was sentenced to two years and eight months' jail on Monday (Jun 10) for one charge of unauthorized access to computer material. Another charge was taken into consideration for sentencing. His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022. According to court documents, Kandula felt "confused and upset" when he was fired as he felt he had performed well and "made good contributions" to NCS during his employment. After leaving NCS, he did not have another job in Singapore and returned to India.

Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS. NCS is a company that offers information communication and technology services. The system that Kandula's former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system." It consisted of about 180 virtual servers, and no sensitive information was stored on them. After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.

In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS' system once on Feb 23, 2023. During the unauthorized access in those two months, he wrote some computer scripts to test if they could be used on the system to delete the servers. In March 2023, he accessed NCS' QA system 13 times. On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time. The following day, the NCS team realized the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted. [...] As a result of his actions, NCS suffered a loss of $679,493.

An anonymous reader quotes a report from Ars Technica: Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a critical vulnerability that the company failed to disclose for two weeks after fixing it, Netherlands government officials said. The vulnerability, tracked as CVE-2022-42475, is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of 10. A maker of network security software, Fortinet silently fixed the vulnerability on November 28, 2022, but failed to mention the threat until December 12 of that year, when the company said it became aware of an "instance where this vulnerability was exploited in the wild." On January 11, 2023 -- more than six weeks after the vulnerability was fixed -- Fortinet warned a threat actor was exploiting it to infect government and government-related organizations with advanced custom-made malware. Netherlands government officials wrote in Monday's report: Since the publication in February, the MIVD has continued to investigate the broader Chinese cyber espionage campaign. This revealed that the state actor gained access to at least 20,000 FortiGate systems worldwide within a few months in both 2022 and 2023 through the vulnerability with the identifier CVE-2022-42475 . Furthermore, research shows that the state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet announced the vulnerability. During this so-called 'zero-day' period, the actor alone infected 14,000 devices. Targets include dozens of (Western) governments, international organizations and a large number of companies within the defense industry.

The state actor installed malware at relevant targets at a later date. This gave the state actor permanent access to the systems. Even if a victim installs security updates from FortiGate, the state actor continues to have this access. It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state actor could potentially expand its access to hundreds of victims worldwide and carry out additional actions such as stealing data. Even with the technical report on the COATHANGER malware, infections from the actor are difficult to identify and remove. The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims.

British police have arrested two individuals involved in an SMS-based phishing campaign using a unique device police described as a "homemade mobile antenna," "an illegitimate telephone mast," and a "text message blaster." This first-of-its-kind device in the UK was designed to send fraudulent texts impersonating banks and other official organizations, "all while allegedly bypassing network operators' anti-SMS-based phishing, or smishing, defenses," reports The Register. From the report: Thousands of messages were sent using this setup, City of London Police claimed on Friday, with those suspected to be behind the operation misrepresenting themselves as banks "and other official organizations" in their texts. [...] Huayong Xu, 32, of Alton Road in Croydon, was arrested on May 23 and remains the only individual identified by police in this investigation at this stage. He has been charged with possession of articles for use in fraud and will appear at Inner London Crown Court on June 26. The other individual, who wasn't identified and did not have their charges disclosed by police, was arrested on May 9 in Manchester and was bailed. [...]

Without any additional information to go on, it's difficult to make any kind of assumption about what these "text message blaster" devices might be. However, one possibility, judging from the messaging from the police, is that the plod are referring to an IMSI catcher aka a Stingray, which acts as a cellphone tower to communicate with people's handhelds. But those are intended primarily for surveillance. What's more likely is that the suspected UK device is perhaps some kind of SIM bank or collection of phones programmed to spam out shedloads of SMSes at a time.

storkus shares a report: Starting from 2030, Mastercard will no longer require Europeans to enter their card numbers manually when checking out online -- no matter what platform or device they're using. Mastercard will announce Tuesday in a fireside chat with CNBC that, by 2030, all cards it issues on its network in Europe will be tokenized. In other words, instead of the 16-digit card number we're all accustomed to using for transactions, this will be replaced with a randomly generated "token."

The firm says it's been working with banks, fintechs, merchants and other partners to phase out manual card entry for e-commerce by 2030 in Europe, in favor of a one-click button across all online platforms. This will ensure that consumers' cards are secure against fraud attempts, Mastercard says. Users won't have to keep entering passwords every time they try to make a payment, as Mastercard is introducing passkeys that replace passwords.

storkus comments: "This story, as currently written, says nothing about their plans outside Europe but in the past the USA in particular has been dead last in getting this kind of tech."

The definition of the word "bot" is shifting to become an insult to someone you know is human, according to researchers who analyzed more than 22 million tweets. Researchers found this shift began around 2017, with left-leaning users more likely to accuse right-leaning users of being bots. "A potential explanation might be that media frequently reported about right-wing bot networks influencing major events like the [2016] US election," says Dennis Assenmacher at Leibniz Institute for Social Sciences in Cologne, Germany. "However, this is just speculation and would need confirmation." NewScientist reports: To investigate, Assenmacher and his colleagues looked at how users perceive what is a bot or not. They did so by looking at how the word "bot" was used on Twitter between 2007 and December 2022 (the social network changed its name to X in 2023, following its purchase by Elon Musk), analyzing the words that appeared next to it in more than 22 million English-language tweets. The team found that before 2017, the word was usually deployed alongside allegations of automated behavior of the type that would traditionally fit the definition of a bot, such as "software," "script" or "machine." After that date, the use shifted. "Now, the accusations have become more like an insult, dehumanizing people, insulting them, and using this as a technique to deny their intelligence and deny their right to participate in a conversation," says Assenmacher. The study has been published in the journal Proceedings of the Eighteenth International AAAI Conference on Web and Social Media.

An anonymous reader quotes a report from Ars Technica: Internet service providers are again urging the Federal Communications Commission to impose new fees on Big Tech firms and use the money to subsidize broadband network deployment and affordability programs. If approved, the request would force Big Tech firms to pay into the FCC's Universal Service Fund (USF), which in turn distributes money to broadband providers. The request was made on June 6 by USTelecom, a lobby group for AT&T, Verizon, CenturyLink/Lumen, and smaller telcos. USTelecom has made similar arguments before, but its latest request to the FCC argues that the recent death of a broadband discount program should spur the FCC to start extracting money from Big Tech.

"Through focusing on the Big Tech companies who benefit most from broadband connectivity, the Commission will fairly allocate the burden of sustaining USF," USTelecom wrote in the FCC filing last week. The USF spends about $8 billion a year. Phone companies must pay a percentage of their revenue into the fund, and telcos generally pass those fees on to consumers with a "Universal Service" line item on telephone bills. The money is directed back to the telco industry with programs like the Connect America Fund and Rural Digital Opportunity Fund, which subsidize network construction in unserved and underserved areas. The USF also funds Lifeline program discounts for people with low incomes.

FCC Chairwoman Jessica Rosenworcel hasn't stated any intention to expand USF contributions to Big Tech. Separately, she rejected calls to impose Universal Service fees on broadband, leaving phone service as the only source of USF revenue. The USTelecom filing came in response to the FCC asking for input on its latest analysis of competition in the communications marketplace. USTelecom says the USF is relevant to the proceeding because "the Universal Service Fund is critical for maintaining a competitive marketplace and an expanded contributions base is necessary to sustain the fund." No changes to the USF would be made in this proceeding, though USTelecom's comments could be addressed in the FCC's final report.

At a New York Yankees baseball game, one fan discovered its concession stand doesn't accept cash. "An employee directed him to a kiosk that could convert his greenbacks into plastic," reports the Wall Street Journal, where the fan, "fed $200 into the reverse ATM, which subtracted a $3.50 fee and spat out a debit card with a balance of $196.50." Paying with cash used to be a way to get a discount. These days it can often cost an extra $1 to $6 — the sort of transaction fees once limited to swiping a credit card or using an out-of-network ATM. Reverse ATMs like those at Yankee Stadium are now common at cashless venues and restaurants across the country as a way to cater to those who prefer paying in cash. People who want to pay their parking tickets, tolls, taxes or phone bills in cash, meanwhile, often learn that government agencies and businesses have outsourced that option to companies that usually charge a fee.

All that can amount to a penalty on the people who prefer paying cash. Though it is more common to buy things with cards and mobile devices, cash remains the third-most popular way to pay, accounting for 16% of all payments in 2023, according to the Federal Reserve. That's down 2 percentage points from the year before, continuing a steady decline that accelerated during the pandemic. "It's unbelievable that we actually have to tell retailers, 'This is U.S. currency and it's something that should be accepted,' " said Jonathan Alexander, executive director of the Consumer Choice in Payment Coalition, a group of businesses and nonprofits lobbying for the continued acceptance of cash.

There aren't federal laws that require businesses to accept cash. States like Colorado and Rhode Island and cities like New York banned cashless retail establishments after many stores shifted to card-only transactions to reduce the spread of Covid-19, speed up transactions and cut back on theft. In 2023, lawmakers in the House of Representatives and the Senate introduced bills requiring that businesses accept cash for all in-person purchases under $500, unless they provide devices like a reverse ATM that don't charge fees. The bills haven't passed.

Cashless businesses can be a burden for older or lower-income shoppers who are less likely to have access to digital payments. They also pose challenges for younger people who haven't yet set up credit cards or bank accounts.
The article includes the story of an 18-year-old who earned cash by babysitting, then went to a hockey game and "was charged a 50-cent fee after putting $20 into a reverse ATM...to order chicken nuggets and a bottle of water." (Others who prefer cash "say paper money is anonymous, helps them keep spending under control and is better for tips," the article adds noting that roughly six in 10 Americans use cash for at least some of their purchases, according to Pew Research Center.)

The makers of one "reverse ATM" tell the Journal that whether or not someone gets charged a fee actually depends on what state they're in — and on the preferences of the venue that installed the ATM machine.