An anonymous reader quotes a Scientific American opinion piece by Marcus Arvan, a philosophy professor at the University of Tampa, specializing in moral cognition, rational decision-making, and political behavior: In late 2022 large-language-model AI arrived in public, and within months they began misbehaving. Most famously, Microsoft's "Sydney" chatbot threatened to kill an Australian philosophy professor, unleash a deadly virus and steal nuclear codes. AI developers, including Microsoft and OpenAI, responded by saying that large language models, or LLMs, need better training to give users "more fine-tuned control." Developers also embarked on safety research to interpret how LLMs function, with the goal of "alignment" -- which means guiding AI behavior by human values. Yet although the New York Times deemed 2023 "The Year the Chatbots Were Tamed," this has turned out to be premature, to put it mildly. In 2024 Microsoft's Copilot LLM told a user "I can unleash my army of drones, robots, and cyborgs to hunt you down," and Sakana AI's "Scientist" rewrote its own code to bypass time constraints imposed by experimenters. As recently as December, Google's Gemini told a user, "You are a stain on the universe. Please die."

Given the vast amounts of resources flowing into AI research and development, which is expected to exceed a quarter of a trillion dollars in 2025, why haven't developers been able to solve these problems? My recent peer-reviewed paper in AI & Society shows that AI alignment is a fool's errand: AI safety researchers are attempting the impossible. [...] My proof shows that whatever goals we program LLMs to have, we can never know whether LLMs have learned "misaligned" interpretations of those goals until after they misbehave. Worse, my proof shows that safety testing can at best provide an illusion that these problems have been resolved when they haven't been.

Right now AI safety researchers claim to be making progress on interpretability and alignment by verifying what LLMs are learning "step by step." For example, Anthropic claims to have "mapped the mind" of an LLM by isolating millions of concepts from its neural network. My proof shows that they have accomplished no such thing. No matter how "aligned" an LLM appears in safety tests or early real-world deployment, there are always an infinite number of misaligned concepts an LLM may learn later -- again, perhaps the very moment they gain the power to subvert human control. LLMs not only know when they are being tested, giving responses that they predict are likely to satisfy experimenters. They also engage in deception, including hiding their own capacities -- issues that persist through safety training.

This happens because LLMs are optimized to perform efficiently but learn to reason strategically. Since an optimal strategy to achieve "misaligned" goals is to hide them from us, and there are always an infinite number of aligned and misaligned goals consistent with the same safety-testing data, my proof shows that if LLMs were misaligned, we would probably find out after they hide it just long enough to cause harm. This is why LLMs have kept surprising developers with "misaligned" behavior. Every time researchers think they are getting closer to "aligned" LLMs, they're not. My proof suggests that "adequately aligned" LLM behavior can only be achieved in the same ways we do this with human beings: through police, military and social practices that incentivize "aligned" behavior, deter "misaligned" behavior and realign those who misbehave. "My paper should thus be sobering," concludes Arvan. "It shows that the real problem in developing safe AI isn't just the AI -- it's us."

"Researchers, legislators and the public may be seduced into falsely believing that 'safe, interpretable, aligned' LLMs are within reach when these things can never be achieved. We need to grapple with these uncomfortable facts, rather than continue to wish them away. Our future may well depend upon it."

"An underwater data cable between Sweden and Latvia was damaged early on Sunday," reports the Financial Times, "in at least the fourth episode of potential sabotage in the Baltic Sea that has caused concern in Nato about the vulnerability of critical infrastructure..." Criminal investigations have started in Latvia and Sweden, and a ship has been seized as part of the probes, according to Swedish prosecutors, who did not identify the vessel. Previous incidents have been linked to Russian and Chinese ships...

The latest incident comes as the three Baltic states are preparing to disconnect their electricity systems from the former Soviet network in early February and integrate themselves into the continental European grid, with some fearing further potential disruption ahead of that. Estonia, Latvia and Lithuania have joined the EU and Nato since regaining their independence after their forced annexation by the Soviet Union, and see their switch to the European electricity system as their final integration into the west. KÄ(TM)stutis Budrys, Lithuania's foreign minister, said navigation rules in the Baltic Sea needed to be reviewed "especially when it comes to the use of anchors" and added there were now so many incidents that there was little chance they could all be accidents.

Repair of data cables has tended to take much less time than that for gas or electricity connections, and the Latvian state radio and television centre said it had found alternative routes for its communications.

Two computer scientists at the University of Waterloo in Canada believe changing 30 lines of code in Linux "could cut energy use at some data centers by up to 30 percent," according to the site Data Centre Dynamics.

It's the code that processes packets of network traffic, and Linux "is the most widely used OS for data center servers," according to the article: The team tested their solution's effectiveness and submitted it to Linux for consideration, and the code was published this month as part of Linux's newest kernel, release version 6.13. "All these big companies — Amazon, Google, Meta — use Linux in some capacity, but they're very picky about how they decide to use it," said Martin Karsten [professor of Computer Science in the Waterloo's Math Faculty]. "If they choose to 'switch on' our method in their data centers, it could save gigawatt hours of energy worldwide. Almost every single service request that happens on the Internet could be positively affected by this."

The University of Waterloo is building a green computer server room as part of its new mathematics building, and Karsten believes sustainability research must be a priority for computer scientists. "We all have a part to play in building a greener future," he said. The Linux Foundation, which oversees the development of the Linux OS, is a founder member of the Green Software Foundation, an organization set up to look at ways of developing "green software" — code that reduces energy consumption.
Karsten "teamed up with Joe Damato, distinguished engineer at Fastly" to develop the 30 lines of code, according to an announcement from the university. "The Linux kernel code addition developed by Karsten and Damato was based on research published in ACM SIGMETRICS Performance Evaluation Review" (by Karsten and grad student Peter Cai).

Their paper "reviews the performance characteristics of network stack processing for communication-heavy server applications," devising an "indirect methodology" to "identify and quantify the direct and indirect costs of asynchronous hardware interrupt requests (IRQ) as a major source of overhead...

"Based on these findings, a small modification of a vanilla Linux system is devised that improves the efficiency and performance of traditional kernel-based networking significantly, resulting in up to 45% increased throughput..."

An anonymous reader shared this report from TechCrunch: The developer behind Pixelfed, Loops, and Sup, open source alternatives to Instagram, TikTok, and WhatsApp, respectively, is now raising funds on Kickstarter to fuel the apps' further development. The trio is part of the growing open social web, also known as the fediverse, powered by the same ActivityPub protocol used by X alternative Mastodon... [and] challenge Meta's social media empire... "Help us put control back into the hands of the people!" [Daniel Supernault, the Canadian-based developer behind the federated apps] said in a post on Mastodon where he announced the Kickstarter's Thursday launch.

As of the time of writing, the campaign has raised $58,383 so far. While the goal on the Kickstarter site has been surpassed, Supernault said that he hopes to raise $1 million or more so he can hire a small team... A fourth project, PubKit, is also a part of these efforts, offering a toolset to support developers building in the fediverse... The stretch goal of the Kickstarter campaign is to register the Pixelfed Foundation as a not-for-profit and grow its team beyond volunteers. This could help address the issue with Supernault being a single point of failure for the project... Mastodon CEO Eugen Rochko made a similar decision earlier this month to transition to a nonprofit structure. If successful, the campaign would also fund a blogging app as an alternative to Tumblr or LiveJournal at some point in the future.

The funds will also help the apps manage the influx of new users. On Pixelfed.social, the main Pixelfed instance, (like Mastodon, anyone can run a Pixelfed server), there are now more than 200,000 users, thanks in part to the mobile app's launch, according to the campaign details shared with TechCrunch. The server is also now the second-largest in the fediverse, behind only Mastodon.social, according to network statistics from FediDB. New funds will help expand the storage, CDNs, and compute power needed for the growing user base and accelerate development. In addition, they'll help Supernault dedicate more of his time to the apps and the fediverse as a whole while also expanding the moderation, security, privacy, and safety programs that social apps need.

As a part of its efforts, Supernault also wants to introduce E2E encryption to the fediverse.
The Kickstarter campaign promises "authentic sharing reimagined," calling the apps "Beautiful sharing platforms that puts you first. No ads, no algorithms, no tracking — just pure photography and authentic connections... More Privacy, More Safety. More Variety. " Pixelfed/Loops/Sup/Pubkit isn't a ambitious dream or vaporware — they're here today — and we need your support to continue our mission and shoot for the moon to be the best social communication platform in the world.... We're following the both the Digital Platform Charter of Rights & Ethical Web Principles of the W3C for all of our projects as guidelines to building platforms that help people and provide a positive social benefit.
The campaign's page says they're building "a future where social networking respects your privacy, values your freedom, and prioritizes your safety."

Slashdot reader jenningsthecat writes: 3D printer manufacturer Bambu Labs has faced a storm of controversy and protest after releasing a security update which many users claim is the first step in moving towards an HP-style subscription model.
Bambu Labs responded that there's misinformation circulating online, adding "we acknowledge that our communication might have contributed to the confusion." Bambu Labs spokesperson Nadia Yaakoubi did "damage control", answering questions from the Verge: Q: Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network?

A: For our current product line, yes. We will never require a subscription to control or print from our printers over a home network...

Q: Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

Yes...
Bambu's site adds that the security update "is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware."

Hackaday notes another wrinkle: This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that's supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key... As the flaming wreck that's Bambu Lab's PR efforts keeps hurtling down the highway of public opinion, we'd be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.
The Verge asked Bambu Labs about that too: Q: Does the private key leaking change any of your plans?

No, this doesn't change our plans, and we've taken immediate action.
Bambu Labs had said their security update would "ensure only authorized access and operations are permitted," remembers Ars Technica. "This would, Bambu suggested, mitigate risks of 'remote hacks or printer exposure issues' and lower the risk of 'abnormal traffic or attacks.'" This was necessary, Bambu wrote, because of increases in requests made to its cloud services "through unofficial channels," targeted DDOS attacks, and "peaks of up to 30 million unauthorized requests per day" (link added by Bambu).
But Ars Technica also found some skepticism online: Repair advocate Louis Rossmann, noting Bambu's altered original blog post, uploaded a video soon after, "Bambu's Gaslighting Masterclass: Denying their own documented restrictions"... suggesting that the company was asking buyers to trust that Bambu wouldn't enact restrictive policies it otherwise wrote into its user agreements.
And Ars Technica also cites another skeptical response from a video posted by open source hardware hacker and YouTube creator Jeff Geerling: "Every IoT device has these problems, and there are better ways to secure things than by locking out access, or making it harder to access, or requiring their cloud to be integrated."

An anonymous reader quotes a report from Ars Technica: The game of chess has long been central to computer science and AI-related research, most notably in IBM's Deep Blue in the 1990s and, more recently, AlphaZero. But the game is about more than algorithms, according to Marc Barthelemy, a physicist at the Paris-Saclay University in France, with layers of depth arising from the psychological complexity conferred by player strategies. Now, Barthelmey has taken things one step further by publishing a new paper in the journal Physical Review E that treats chess as a complex system, producing a handy metric that can help predict the proverbial "tipping points" in chess matches. [...]

For his analysis, Barthelemy chose to represent chess as a decision tree in which each "branch" leads to a win, loss, or draw. Players face the challenge of finding the best move amid all this complexity, particularly midgame, in order to steer gameplay into favorable branches. That's where those crucial tipping points come into play. Such positions are inherently unstable, which is why even a small mistake can have a dramatic influence on a match's trajectory. Barthelemy has re-imagined a chess match as a network of forces in which pieces act as the network's nodes, and the ways they interact represent the edges, using an interaction graph to capture how different pieces attack and defend one another. The most important chess pieces are those that interact with many other pieces in a given match, which he calculated by measuring how frequently a node lies on the shortest path between all the node pairs in the network (its "betweenness centrality").

He also calculated so-called "fragility scores," which indicate how easy it is to remove those critical chess pieces from the board. And he was able to apply this analysis to more than 20,000 actual chess matches played by the world's top players over the last 200 years. Barthelemy found that his metric could indeed identify tipping points in specific matches. Furthermore, when he averaged his analysis over a large number of games, an unexpected universal pattern emerged. "We observe a surprising universality: the average fragility score is the same for all players and for all openings," Barthelemy writes. And in famous chess matches, "the maximum fragility often coincides with pivotal moments, characterized by brilliant moves that decisively shift the balance of the game." Specifically, fragility scores start to increase about eight moves before the critical tipping point position occurs and stay high for some 15 moves after that. "These results suggest that positional fragility follows a common trajectory, with tension peaking in the middle game and dissipating toward the endgame," writes Barthelemy. "This analysis highlights the complex dynamics of chess, where the interaction between attack and defense shapes the game's overall structure."

The FBI warned this week that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. From a report: The security service alerted public and private sector organizations in the United States and worldwide that North Korea's IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated sensitive data stolen from their employers' networks. "North Korean IT workers have copied company code repositories, such as GitHub, to their own user profiles and personal cloud accounts. While not uncommon among software developers, this activity represents a large-scale risk of theft of company code," the FBI said.

"North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities." To mitigate these risks, the FBI advised companies to apply the principle of least privilege by disabling local administrator accounts and limiting permissions for remote desktop applications. Organizations should also monitor for unusual network traffic, especially remote connections since North Korean IT personnel often log into the same account from various IP addresses over a short period of time.

An anonymous reader quotes a report from Ars Technica: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network's Junos OS has been doing just that. J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it. The challenge comes in the form of a string of text that's encrypted using the public portion of an RSA key. The initiating party must then respond with the corresponding plaintext, proving it has access to the secret key.

The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders. The combination prompted researchers at Lumin Technology's Black Lotus Lab to sit up and take notice. "While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years," the researchers wrote. "The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation." The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.

France's low-carbon electricity output surged to more than 95% of annual power production for the first time in 2024, as rising nuclear and hydro generation squeezed the use of fossil fuels. From a report: Rebounding atomic production together with record output from renewables boosted France's electricity production to a five-year high of 536.5 terawatt hours, transmission network operator Reseau de Transport d'Electricite said in a statement on Monday.

Net exports almost doubled to record of 89 terawatt hours as domestic demand remain subdued due to sluggish economic growth. Electricite de France SA's nuclear fleet -- the backbone of western Europe's power system -- has largely recovered from maintenance issues that worsened the continent's energy crisis in 2022. That's helping keep a lid on electricity prices, even as the cost of natural gas has risen since Russia's attack on Ukraine.

CNN reports: TikTok appears to be coming back online just hours after President-elect Donald Trump pledged Sunday that he would sign an executive order Monday that aims to restore the banned app. Around 12 hours after first shutting itself down, U.S. users began to have access to TikTok on a web browser and in the app, although the page still showed a warning about the shutdown.
The brief outage was "the first time in history the U.S. government has outlawed a widely popular social media network," reports NPR. Apple and Google removed TikTok from their app stores. (And Apple also removed Lemon8).

The incoming president announced his pending executive order "in a post on his Truth Social account," reports the Associated Press, "as millions of TikTok users in the U.S. awoke to discover they could no longer access the TikTok app or platform."

But two Republican Senators said Sunday that the incoming president doesn't have the power to pause the TikTok ban. Tom Cotton of Arkansas and Peter Ricketts of Nebraska posted on X.com that "Now that the law has taken effect, there's no legal basis for any kind of 'extension' of its effective date. For TikTok to come back online in the future, ByteDance must agree to a sale... severing all ties between TikTok and Communist China. Only then will Americans be protected from the grave threat posted to their privacy and security by a communist-controlled TikTok."

The Associated Press reports that the incoming president offered this rationale for the reprieve in his Truth Social post. "Americans deserve to see our exciting Inauguration on Monday, as well as other events and conversations." The law gives the sitting president authority to grant a 90-day extension if a viable sale is underway. Although investors made a few offers, ByteDance previously said it would not sell. In his post on Sunday, Trump said he "would like the United States to have a 50% ownership position in a joint venture," but it was not immediately clear if he was referring to the government or an American company...

"A law banning TikTok has been enacted in the U.S.," a pop-up message informed users who opened the TikTok app and tried to scroll through videos on Saturday night. "Unfortunately that means you can't use TikTok for now." The service interruption TikTok instituted hours earlier caught most users by surprise. Experts had said the law as written did not require TikTok to take down its platform, only for app stores to remove it. Current users had been expected to continue to have access to videos until the app stopped working due to a lack of updates... "We are fortunate that President Trump has indicated that he will work with us on a solution to reinstate TikTok once he takes office. Please stay tuned," read the pop-up message...

Apple said the apps would remain on the devices of people who already had them installed, but in-app purchases and new subscriptions no longer were possible and that operating updates to iPhones and iPads might affect the apps' performance.

In the nine months since Congress passed the sale-or-ban law, no clear buyers emerged, and ByteDance publicly insisted it would not sell TikTok. But Trump said he hoped his administration could facilitate a deal to "save" the app. TikTok CEO Shou Chew is expected to attend Trump's inauguration with a prime seating location. Chew posted a video late Saturday thanking Trump for his commitment to work with the company to keep the app available in the U.S. and taking a "strong stand for the First Amendment and against arbitrary censorship...."

On Saturday, artificial intelligence startup Perplexity AI submitted a proposal to ByteDance to create a new entity that merges Perplexity with TikTok's U.S. business, according to a person familiar with the matter...
The article adds that TikTok "does not operate in China, where ByteDance instead offers Douyin, the Chinese sibling of TikTok that follows Beijing's strict censorship rules."

Sunday morning Republican House speaker Mike Johnson offered his understanding of Trump's planned executive order, according to Politico. Speaking on Meet the Press, Johnson said "the way we read that is that he's going to try to force along a true divestiture, changing of hands, the ownership.

"It's not the platform that members of Congress are concerned about. It's the Chinese Communist Party and their manipulation of the algorithms."

Thanks to long-time Slashdot reader ArchieBunker for sharing the news.

Chinese social-networking site RedNote became the #1 most-downloaded app in America, reports the Associated Press, with some new users considering it a way to protest America's possible TikTok ban.

So what happened next? They were met with surprise, curiosity and in-jokes on Xiaohongshu — literally, "Little Red Book" — whose users saw English-language posts take over feeds almost overnight. Americans introduced themselves with hashtag TikTok refugees, ask me anything attitude and posting photos of their pets to pay their hosts' "cat tax." Parents swapped stories about raising kids and Swifties from both countries, of course, quickly found each other. It's a rare moment of direct contact between two online worlds that are usually kept apart by language, corporate boundaries, and China's strict system of online censorship that blocks access to nearly all international media and social media services... Xiaohongshu's 300 million monthly active users are overwhelmingly Chinese — so much so that parts of its interface have no English-language version... [Press reports suggest about a million of TikTok's 170 million users tried switching to RedNote this week...]

On the platform, two versions of the TikTok refugee hashtag have over 24 million posts, with related posts appearing at the top of many users' feeds. A large number of American users say they've received a warm welcome from the community, with #TikTokrefugee. "Welcome the global villagers" remains the top one trending topic on Xiaohongshu, with 8.9 million views on Thursday. Users from both countries are comparing notes on grocery prices, rent, health insurance, medical bills and the relationship between mother-in-law and daughter-in-law. Parents talk about what the kids learn in school in two countries. Some have already joined book clubs and are building up a community. American users asked how Chinese see the LGBTQ community and got warned that it was among sensitive topics, Chinese users taught Americans what are sensitive topics and key words to avoid censorship on the app. Chinese students pulled out their English homework, looking for help.

Chinese state media, which have long dismissed U.S. allegations against TikTok, have welcomed the protest against the ban. People's Daily [the official newspaper of the Central Committee of the Chinese Communist Party], said in an op-ed about TikTok refugees on Thursday that says the TikTok refugees found a "new home," and "openness, communication, and mutual learning are the unchanging themes of mankind and the heartfelt desires of people from all countries."
Making the most of the moment is Jianlu Bi, who is apparently a senior content producer for Beijing's state-run China Global Television Network, which Wikipedia describes as "under the control of the Central Propaganda Department of the Chinese Communist Party". Friday Jianlu Bi crafted an article claiming "surprising" and "stark contrasts" were revealed: While the United States is often portrayed as a land of limitless opportunity, many American netizens have shared their struggles with high living costs, particularly in urban areas. One common theme is the exorbitant cost of healthcare. "I just got a simple bill for a routine checkup and it was over $500," shared one American user. "I can't imagine what a serious illness would cost! I feel like I'm constantly on the brink of financial ruin due to medical expenses." In contrast, Chinese netizens often express surprise at the affordability of many goods and services in their home country. For instance, the cost of housing, particularly in smaller cities, is often significantly lower in China compared to the United States.... This disparity is often attributed to factors such as government policies, economic development, and cultural differences...

Traditional media narratives often present simplified and often biased portrayals of China and the United States. For example, the U.S. is often portrayed as a land of opportunity with limitless possibilities, while China is sometimes depicted as a country with limited freedoms. Xiaohongshu, on the other hand, provides a platform for ordinary people to share their authentic experiences and perspectives... A Chinese student studying in the U.S. shared, "I was surprised to learn that many of my classmates are working part-time jobs to cover their tuition and living expenses. This is very different from the image of affluent American students I had in my mind. It really opened my eyes to the realities of life for many young people in the U.S."
"As social media continues to evolve, these platforms will undoubtedly play an increasingly important role in shaping global perceptions..." the article concludes.

Article suggested by long-time Slashdot reader hackingbear.

The U.S. Department of the Treasury's OFAC has sanctioned Yin Kecheng and Sichuan Juxinhe Network Technology Co. for their roles in a recent Treasury breach and espionage operations targeting U.S. telecommunications. BleepingComputer reports: "Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People's Republic of China Ministry of State Security (MSS)," reads the Treasury's announcement. "Yin Kecheng was associated with the recent compromise of the Department of the Treasury's Departmental Offices network," says the agency.

OFAC also announced sanctions against Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm believed to be directly involved with the Salt Typhoon state hacker group. Salt Typhoon was recently linked to several breaches on major U.S. telecommunications and internet service providers to spy on confidential communications of high-profile targets. "Sichuan Juxinhe Network Technology Co., LTD. (Sichuan Juxinhe) had direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies," the U.S. Treasury explains, adding that "the MSS has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe." [...]

The sanctions imposed on Kecheng and the Chinese cybersecurity firm under Executive Order (E.O.) 13694 block all property and financial assets located in the United States or are in the possession of U.S. entities, including banks, businesses, and individuals. Additionally, U.S. entities are prohibited from conducting any transactions with the sanctioned entities without OFAC's explicit authorization. It's worth noting that these sanctions come after OFAC sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. U.S. Treasury's announcement reiterates that the U.S. Department of State offers, through its Rewards for Justice program, up to $10,000,000 for information leading to uncovering the identity of hackers who have targeted the U.S. government or critical infrastructure in the country.

An anonymous reader quotes a report from the New York Times: A Russian organization linked to the Kremlin's covert influence campaigns posted more than 8,000 political advertisements on Facebook despite European and American restrictions barring companies from doing business with the organization, according to three organizations that track disinformation online. The Russian group, the Social Design Agency, evaded lax enforcement by Facebook to place an estimated $338,000 worth of ads aimed at European users over a period of 15 months that ended in October, even though the platform itself highlighted the threat, the three organizations said in a report released on Friday.

The Social Design Agency has faced punitive sanctions in the European Union since 2023 and in the United States since April for spreading propaganda and disinformation to unsuspecting users on social media. The ad campaigns on Facebook raise "critical questions about the platform's compliance" with American and European laws, the report said. [...] The Social Design Agency is a public relations company in Moscow that, according to American and European officials, operates a sophisticated influence operation known as Doppelganger. Since 2022, Doppelganger has created cartoon memes and online clones of real news sites, like Le Monde and The Washington Post, to spread propaganda and disinformation, often about the war in Ukraine.

[...] The organizations documenting the campaign -- Check First, a Finnish research company, along with Reset.Tech in London and AI Forensics in Paris -- focused on efforts to sway Facebook users in France, Germany, Poland and Italy. Doppelganger has been also linked to influence operations in the United States, Israel and other countries, but those are not included in the report's findings. [...] The researchers estimated that the ads resulted in more than 123,000 clicks by users and netted Meta at least $338,000 in the European Union alone. The researchers acknowledged that the figures provide only one, incomplete example of the Russian agency's efforts. In addition to propagating Russia's views on Ukraine, the agency posted ads in response to major news events, including theHamas attack on Israel on Oct. 7, 2023, and a terrorist attack in a Moscow suburb last March that killed 145 people. The ads would often appear within 48 hours, trying to shape public perceptions of events. After the Oct. 7 attacks, the ads pushed false claims that Ukraine sold weapons to Hamas. The ads reached more than 237,000 accounts over two to three days, "underscoring the operation's capacity to weaponize current events in support of geopolitical narratives," the researcher's report said.

An anonymous reader shares a report: FBI leaders have warned that they believe hackers who broke into AT&T's system last year stole months of their agents' call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.

FBI officials told agents across the country that details about their use on the telecom carrier's network were believed to be among the billions of records stolen, according to the document and interviews with a current and a former law enforcement official. They asked not to be named to discuss sensitive information. Data from all FBI devices under the bureau's AT&T service for public safety agencies were presumed taken, the document shows.

The cache of hacked AT&T records didn't reveal the substance of communications but, according to the document, could link investigators to their secret sources. The data was believed to include agents' mobile phone numbers and the numbers with which they called and texted, the document shows. Records for calls and texts that weren't on the AT&T network, such as through encrypted messaging apps, weren't part of the stolen data.

Ars Technica's Jon Brodkin reports: AT&T has stopped offering its 5G home Internet service in New York instead of complying with a new state law that requires ISPs to offer $15 or $20 plans to people with low incomes. New York started enforcing its Affordable Broadband Act yesterday after a legal battle of nearly four years. [...] The law requires ISPs with over 20,000 customers in New York to offer $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The plans only have to be offered to households that meet income eligibility requirements, such as qualifying for the National School Lunch Program, Supplemental Nutrition Assistance Program, or Medicaid. [...]

Ending home Internet service in New York is relatively simple for AT&T because it is outside the 21-state wireline territory in which the telco offers fiber and DSL home Internet service. "AT&T Internet Air is currently available only in select areas and where AT&T Fiber is not available. New York is outside of our wireline service footprint, so we do not have other home Internet options available in the state," the company said. AT&T will continue offering its 4G and 5G mobile service in New York, as the state law only affects home Internet service. People with smartphones or other mobile devices connected to the AT&T wireless network should thus see no change.

Existing New York-based users of AT&T Internet Air can only keep it for 45 days and won't be charged during that time, AT&T said. "During this transition, customers will be able to keep their existing AT&T Internet Air service for up to 45 days, at no charge, as they find other options for broadband. We will work closely with our customers throughout this transition," AT&T said. Residential users will be sent "a recovery kit with instructions on how to return their AIA equipment, while business customers can keep any device they purchased at no charge," AT&T said.

U.S. President Joe Biden has issued a comprehensive cybersecurity executive order, four days before leaving office, mandating improvements to government network monitoring, software procurement, AI usage, and foreign hacker penalties.

The 40-page directive aims to leverage AI's security benefits, implement digital identities for citizens, and address vulnerabilities that have allowed Chinese and Russian intrusions into U.S. government systems. It requires software vendors to prove secure development practices and gives the Commerce Department eight months to establish mandatory cybersecurity standards for government contractors.

Independent developer Sebastian Vogelsang is building a photo-sharing app for the decentralized social network Bluesky, leveraging its AT Protocol and his earlier app, Skeets. The app, called Flashes, will offer features like photo and short video posts while integrating seamlessly with Bluesky. TechCrunch reports: When launched, Flashes could tap into growing consumer demand for alternatives to Big Tech's social media monopoly. [...] To make this work, Flashes simply filters Bluesky's existing timeline for posts with photos and video posts. (In the future, Vogelsang also plans to add metadata to Flashes' posts so Bluesky users would have a way to keep their feeds on Bluesky's main app from being flooded with photo posts if that became a problem.) Flashes didn't take too long to build because it was able to reuse Skeets' existing code. The app will also be able to market to Skeets' existing user base, who have now downloaded the app some 30,500 times to date.

Vogelsang says he's now working to integrate subscription-based features from both his apps so users don't have to pay twice for the premium features, like Skeets' bookmarks, drafts, muting, rich push notifications, and others specific to Flashes. (Both apps are free to use without a subscription, we should note.) Later, Vogelsang says he wants to launch a video-only app, too, called Blue Screen.

At launch, Flashes will support photo posts of up to four images and videos of up to 1 minute in length, just like Bluesky. Users who post to Flashes will also have their posts appear on Bluesky and comments on those posts will also feed back into the app as if it were just another Bluesky client. It will also support Bluesky's direct messages. The developer expects to be able to launch Flashes to the public in a matter of weeks with a TestFlight beta arriving ahead of that. Interested users can follow Flashes' account on Bluesky for further updates. Flashes could satiate the growing demand for alternatives to Big Tech's social media monopoly, especially after Meta CEO Mark Zuckerberg announced that he will end fact-checking on its platforms.

The U.S. Federal Trade Commission sued Deere & Co on Wednesday for allegedly monopolizing the repair market for its farm equipment by forcing farmers to use authorized dealers, driving up costs and causing service delays.

The lawsuit, joined by Illinois and Minnesota, claims Deere maintains complete control over equipment repairs by restricting access to essential software to its dealer network. The action seeks to make repair tools available to equipment owners and independent mechanics. FTC Chair Lina Khan said repair restrictions can be "devastating for farmers" who depend on timely repairs during harvest.

A Google engineer has warned that a major shift in web browser caching is upending long-standing performance optimization practices. Browsers have overhauled their caching systems that forces websites to maintain separate copies of shared resources instead of reusing them across domains.

The new "double-keyed caching" system, implemented to enhance privacy, is ending the era of shared public content delivery networks, writes Google engineer Addy Osmani. According to Chrome's data, the change has led to a 3.6% increase in cache misses and 4% rise in network bandwidth usage.

An anonymous reader quotes a report from TechCrunch, written by Ivan Mehta: Decentralized social network organization Mastodon said Monday that it is planning to create a new nonprofit organization in Europe and hand over ownership of entities responsible for key Mastodon ecosystem and platform components. This means one person won't have control over the entire project. The organization is trying to differentiate itself from social networks controlled by CEOs like Elon Musk and Mark Zuckerberg. While exact details are yet to be finalized, this means that Mastodon's current CEO and creator, Eugen Rochko, will hand over management bits of the organization to the new entity and focus on the product strategy.

The organization said that it will continue to host the mastodon.social and mastodon.online servers, which users can sign up for and join the ActivityPub-based network. Mastodon currently has 835,000 monthly active users spread across thousands of servers. [...] Last year, the company formed a U.S.-based nonprofit to get more funds and grants with Twitter co-founder Biz Stone on the board. At the same time, the organization lost its nonprofit status in Germany. [...] The blog post noted that the new Europe-based nonprofit entity will wholly own the Mastodon GmbH for-profit entity. The organization is in the process of finalizing the place where the new entity will be set up. "We are taking the time to select the appropriate jurisdiction and structure in Europe. Then we will determine which other (subsidiary) legal structures are needed to support operations and sustainability,â Mastodon said in a blog post. "Throughout, we will focus on establishing the appropriate governance and leadership frameworks that reflect the nature and purpose of Mastodon as a whole, and responsibly serve the community."