The Washington Post details a vision of home security "pitched by Sauron, a Silicon Valley start-up boasting a waiting list of tech CEOs and venture capitalists." In the future, your home will feel as safe from intruders as a state-of-the-art military base. Cameras and sensors surveil the perimeter, scanning bystanders' faces for potential threats. Drones from a "deterrence pod" scare off trespassers by projecting a searchlight over any suspicious movements. A virtual view of the home is rendered in 3D and updated in real time, just like a Tesla's digital display. And private security agents monitor alerts from a central hub.... By incorporating technology developed for autonomous vehicles, robotics and border security, Sauron has built a supercharged burglar alarm [argued Sauron co-founder Kevin Hartz, a tech entrepreneur and former partner at Peter Thiel's venture firm Founders Fund]...

For many tech elites, security is both a national priority and a growing concern in their personal lives... After the presidential election last month, the start-up incubator Y Combinator put out a request for "public safety technology" companies, such as those that produce tools that facilitate a neighborhood watch or technology that uses computer vision to identify "suspicious activities or people in distress from video feeds...." Sauron has raised $18 million in funding from executives behind Flock Safety and Palantir, the data analytics firm, [and] defense tech investors such as 8VC, a venture firm started by Palantir co-founder Joe Lonsdale... Sauron is targeting homeowners at the high end of the real estate market, beginning with a private event at Abraham's home on Thursday, during Art Basel Miami Beach, the annual art exhibition that attracts collectors from around the world. The company plans to launch in San Francisco early next year, before expanding to Los Angeles and Miami...

Big Tech companies haven't deployed tools such as facial recognition as aggressively as Hartz would like. "If somebody comes onto my property, I feel like I should know who that is," Hartz said... In recent years massive investments have driven down the cost of drones, high-resolution cameras and lidar sensors, which use light detection to create 3D maps. Sauron uses lower-cost hardware and tools like facial recognition, combined with custom-built software adapted for residential use. For facial recognition, it will use a third-party service called Paravision... Sauron is still figuring out how to incorporate drones, but it is already imagining more aggressive countermeasures, Hartz said. "Is it a machine that could take out a bad actor with a bullet or something?"

China-linked spies may still be lurking in U.S. telecommunications networks — but the breach could be much, much wider. In fact, a "couple dozen" countries were hit by the attack, the Wall Street Journal reported this week, citing a top U.S. national security adviser. "Chinese government hackers have compromised telecommunications infrastructure across the globe as part of a massive espionage campaign..." Speaking during a press briefing Wednesday, Anne Neuberger, President Biden's deputy national security adviser for cyber and emerging technology, said the so-called Salt Typhoon campaign is ongoing and that at least eight telecommunications firms in the U.S. had been breached... The Journal previously identified Verizon, AT&T, T-Mobile and Lumen Technologies among the victims... [M]etadata grabs appeared to be "regional" in focus, and were likely a means to identify phone lines of valuable senior government officials, which the hackers then targeted to steal encrypted text messages and listen in on some phone calls, the official said... President-elect Donald Trump, Vice President-elect JD Vance, senior congressional staffers and an array of U.S. security officials were among scores of individuals to have their calls and texts directly targeted, an intelligence-collection coup that likely ensnared their private communications with thousands of Americans, the Journal has reported.

The senior administration official said the global tally of countries victimized was currently believed to be in the "low, couple dozen" but didn't give a precise figure. The global campaign of hacking activity dates back at least a year or two, the official said.
"Neuberger, on the press briefing, said that it wasn't believed that classified communications were accessed in the breaches."

"OpenAI is partnering with defense tech company Anduril," wrote the Verge this week, noting that OpenAI "used to describe its mission as saving the world." It was Anduril founder Palmer Luckey who advocated for a "warrior class" and autonomous weapons during a talk at Pepperdine University, saying society's need people "excited about enacting violence on others in pursuit of good aims." The Verge notes it's OpenAI's first partnership with a defense contractor "and a significant reversal of its earlier stance towards the military." OpenAI's terms of service once banned "military and warfare" use of its technology, but it softened its position on military use earlier this year, changing its terms of service in January to remove the proscription.
Hours after the announcement, some OpenAI employees "raised ethical concerns about the prospect of AI technology they helped develop being put to military use," reports the Washington Post. "On an internal company discussion forum, employees pushed back on the deal and asked for more transparency from leaders, messages viewed by The Washington Post show." OpenAI has said its work with Anduril will be limited to using AI to enhance systems the defense company sells the Pentagon to defend U.S. soldiers from drone attacks. Employees at the AI developer asked in internal messages how OpenAI could ensure Anduril systems aided by its technology wouldn't also be directed against human-piloted aircraft, or stop the U.S. military from deploying them in other ways. One OpenAI worker said the company appeared to be trying to downplay the clear implications of doing business with a weapons manufacturer, the messages showed. Another said that they were concerned the deal would hurt OpenAI's reputation, according to the messages...

OpenAI executives quickly acknowledged the concerns, messages seen by The Post show, while also writing that the company's work with Anduril is limited to defensive systems intended to save American lives. Other OpenAI employees in the forum said that they supported the deal and were thankful the company supported internal discussion on the topic. "We are proud to help keep safe the people who risk their lives to keep our families and our country safe," OpenAI CEO Sam Altman said in a statement...

[OpenAI] has invested heavily in safety testing, and said that the Anduril project was vetted by its policy team. OpenAI has held feedback sessions with employees on its national security work in the past few months, and plans to hold more, Liz Bourgeois, an OpenAI spokesperson said. In the internal discussions seen by The Post, the executives stated that it was important for OpenAI to provide the best technology available to militaries run by democratically-elected governments, and that authoritarian governments would not hold back from using AI for military uses. Some workers countered that the United States has sold weapons to authoritarian allies. By taking on military projects, OpenAI could help the U.S. government understand AI technology better and prepare to defend against its use by potential adversaries, executives also said.
"The debate inside OpenAI comes after the ChatGPT maker and other leading AI developers including Anthropic and Meta changed their policies to allow military use of their technology," the article points out. And it also notes another concern raised in OpenAI's internal discussion forum.

The comment said "that defensive use cases still represented militarization of AI, and noted that the fictional AI system Skynet, which turns on humanity in the Terminator movies, was also originally designed to defend against aerial attacks on North America.

"SpaceX has launched 20 of its Starlink satellites up into Earth's orbit, enabling direct-to-cellphone connectivity for subscribers anywhere on the planet," reports the tech blog New Atlas. That completes the constellation's first orbital shell, following a launch of an initial batch of six satellites for testing back in January. The satellites were launched with a Falcon 9 rocket from California's Vandenberg Space Force Base on December 5 at 10 PM EST; they were then deployed in low Earth orbit. SpaceX founder Elon Musk noted on X that the effort will "enable unmodified cellphones to have internet connectivity in remote areas." He added a caveat for the first orbital shell — "Bandwidth per beam is only ~10 Mb, but future constellations will be much more capable...."

The big deal with this new venture is that unlike previous attempts at providing satellite-to-phone service, you don't need a special handset or even a specific app to get access anywhere in the world. Starlink uses standard LTE/4G protocols that most phones are compatible with, partners with mobile operators like T-Mobile in the U.S. and Rogers in Canada, and has devised a system to make its service work seamlessly with your phone when it's connecting to satellites 340 miles (540 km) above the Earth's surface. The SpaceX division noted it's also worked out latency constraints, ideal altitudes and elevation angles for its satellites, along with several other parameters, to achieve reliable connectivity. Each satellite has an LTE modem on board, and these satellites plug into the massive constellation of 6,799 existing Starlink spacecraft, according to Space.com.

Connecting to that larger constellation happens via laser backhaul, where laser-based optical communication systems transmit data between satellites. This method leverages the advantages of lasers over traditional radio frequency communications, enabling data rates up to 100 times faster, increased bandwidth, and improved security.
The direct-to-cell program was approved last month, the article points out — but it's ready to ramp up. "You'll currently get only text service through the end of 2024; voice and data will become available sometime next year, as will support for IoT devices (such as smart home gadgets). The company hasn't said how much its service will cost. " (They also note there's already competing services from Lynk, "which has satellites in orbit and launched in the island nation of Palau back in 2023, and AST SpaceMobile, which also has commercial satellites in orbit and contracts with the U.S. government, Europe, and Japan.")

Elon Musk's announcement on X.com prompted this interesting exchange:

X.com User: You've stated that purchasing Starlink goes toward funding the journey to Mars, yes?

Elon Musk: Yes.

Nuclear rods are traditionally clad in metal. But a U.S. energy company wants to develop a better, safer alternative that instead uses silicon carbide composites. Working with America's Energy Department, General Atomics Electromagnetic Systems just completed a 120-day irradiation testing period simulating the intense radiation and extreme temperatures (3,452F) of a pressurized water reactor in a real-world nuclear power plant.

And the tests "showed no significant mass change, indicating promising performance," the company said in a statement. "This indicates that the SiGA cladding is exceptionally resistant to the damaging effects of radiation." Long-time Slashdot reader fahrbot-bot shared this report from the Interesting Engineering blog: "This success is a key milestone on SiGA cladding's development path to enhance the safety of the existing U.S. fleet of light water reactors," added Scott Forney, president of GA-EMS. "It could also do the same for the future generation of advanced nuclear power systems." This advanced material offers significant advantages over traditional metal cladding. It can withstand temperatures up to 1900 degreesC (3452 degreesF), far exceeding the limits of current materials. This enhanced heat resistance is crucial for improving safety margins in nuclear reactors. Moreover, the company claims that in case of any accident, SiGA cladding is designed to maintain its integrity at temperatures where traditional cladding might fail. This could prevent the release of radioactive materials and significantly improve overall reactor safety.

Furthermore, SiGA cladding offers performance benefits. It enables higher power operation and longer fuel lifetimes. This translates to increased efficiency and reduced costs for nuclear power plants...

The design, safety, and installation of new nuclear reactors have been a prime subject for research. Recently, France-based Newcleo applied to the United Kingdom's Department of Energy Security and Net Zero (DESNZ) to enter its lead-cooled small modular reactor for generating fission energy in the generic design assessment phase. Newcleo's SMR can operate at atmospheric pressure, and the company also states that no significant energy release occurs in cases of vessel failure. This also eliminates the need for high-pressure-resistant containment.
The article notes that General Atomics's collaboration with the U.S. Energy Department is "part of the Accident Tolerant Fuel Program, a national effort to improve the safety and performance of nuclear reactors."

"TikTok has lost its bid to strike down a law that could result in the platform being banned in the United States," reports CNN.

A U.S. federal appeals court just unanimously ruled in favor of the new U.S. law requiring TikTok's China-based owners to either sell the app next month or face an effective ban in the United States. Denying TikTok's argument that the law was unconstitutional, the judges found that the law does not "contravene the First Amendment to the Constitution of the United States," nor does it "violate the Fifth Amendment guarantee of equal protection of the laws"... After the [January 25] deadline, U.S. app stores and internet services could face hefty fines for hosting TikTok if it is not sold. (Under the legislation, President Biden may issue a one-time extension of the deadline.)

In a statement, TikTok indicated it would appeal the decision. "The Supreme Court has an established historical record of protecting Americans' right to free speech, and we expect they will do just that on this important constitutional issue," said company spokesperson Michael Hughes. "Unfortunately, the TikTok ban was conceived and pushed through based upon inaccurate, flawed and hypothetical information, resulting in outright censorship of the American people. The TikTok ban, unless stopped, will silence the voices of over 170 million Americans here in the US and around the world on January 19th, 2025"....

"People in the United States would remain free to read and share as much PRC propaganda (or any other content) as they desire on TikTok or any other platform of their choosing," the judges said. "What the Act targets is the PRC's ability to manipulate the content covertly. Understood in that way, the Government's justification is wholly consonant with the First Amendment."
The judges also wrote that "in part precisely because of the platform's expansive reach, Congress and multiple Presidents determined that divesting it from the PRC's control is essential to protect our national security... Congress judged it necessary to assume that risk given the grave national-security threats it perceived."

CNN notes that ByteDance "has previously indicated it will not sell TikTok."

Mozilla's developer blog is announcing "JavaScriptmas". [F]rom December 1st to December 24th, we will release a fun, daily coding challenge for you to solve on [code-learning platform] Scrimba. Each challenge comes with an introductory screencast called "scrim", some starter code, and then it's your turn to fill in the gaps.

JavaScriptmas is about coding, learning, and the chance to win exciting prizes. Two lucky coders will be chosen as winners at the end of JavaScriptmas, and each will win a MacBook Air M3, swag from MDN and Scrimba, and a lifetime Scrimba Pro membership (worth ~$200 per year). The Scrimba membership will give you access to all courses, including the Frontend Developer Career Path based on the MDN curriculum.

Most of the challenges will evolve around JavaScript algorithms. You will also practice subjects like DOM manipulation, UI design, CSS, accessibility, and even a bit of cyber security. The challenges are a collaborative effort from Scrimba teachers, mentors, and MDN content writers, all with the goal of turning you into a more well-rounded web developer.

Winners will be chosen randomly from everyone who submits correct solutions. We want JavaScriptmas to be accessible for both beginners and experienced developers alike. That said, the more challenges you solve, the better your chances of winning! To maximize your chances, try to solve all 24 challenges and submit them as both regular entries and social entries. You don't have to submit your solutions on the same day they're published — the deadline for any submission is midnight UTC on Christmas Eve.

The Solana JavaScript SDK "was temporarily compromised yesterday in a supply chain attack," reports BleepingComputer, "with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets." Solana offers an SDK called "@solana/web3.js" used by decentralized applications (dApps) to connect and interact with the Solana blockchain. Supply chain security firm Socket reports that Solana's Web3.js library was hijacked to push out two malicious versions to steal private and secret cryptography keys to secure wallets and sign transactions... Solana confirmed the breach, stating that one of their publish-access accounts was compromised, allowing the attackers to publish two malicious versions of the library... Solana is warning developers who suspect they were compromised to immediately upgrade to the latest v1.95.8 release and to rotate any keys, including multisigs, program authorities, and server keypairs...

Once the threat actors gain access to these keys, they can load them into their own wallets and remotely drain all stored cryptocurrency and NFTs... Socket says the attack has been traced to the FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx Solana address, which currently contains 674.86 Solana and varying amounts of the Irish Pepe , Star Atlas, Jupiter, USD Coin, Santa Hat, Pepe on Fire, Bonk, catwifhat, and Genopets Ki tokens. Solscan shows that the estimated value of the stolen cryptocurrency is $184,000 at the time of this writing.

For anyone whose wallets were compromised in this supply chain attack, you should immediately transfer any remaining funds to a new wallet and discontinue the use of the old one as the private keys are now compromised.
Ars Technica adds that "In social media posts, one person claimed to have lost $20,000 in the hack."

The compromised library "receives more than ~350,000 weekly downloads on npm," Socket posted. (Although Solana's statement says the compromised versions "were caught within hours and have since been unpublished."

The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.
The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.
The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."

Bruce Perens wrote the original Open Source definition back in 1997, and then co-founded the Open Source Initiative with Eric Raymond in 1998. But after resigning from the group in 2020, Perens is now diligently developing an alternative he calls "Post Open" to "meet goals that Open Source fails at today" — even providing a way to pay developers for their work.

To make it all happen, he envisions software developers owning (and controlling) a not-for-profit corporation developing a body of software called "the Post Open Collection" and collecting its licensing fees to distribute among developers. The hope? To "make it possible for an individual developer to stay at home and code all day, and make their living that way without having to build a company."

The not-for-profit entity — besides actually enforcing its licensing — could also:

• Provide tech support, servicing all Post-Open software through one entity.
• Improve security by providing developers with cryptographic-hardware-backed authentication guaranteeing secure software chain-of-custody.
• Handle onerous legal requirements like compliance with the EU Cyber Resilience Act "on behalf of all developers in the Post Open Collection".
• Compensate documentation writers.
• Fund lobbying on behalf of developers, along with advocacy for their software's privacy-preserving features.

"We've started to build the team," Perens said in a recent interview, announcing weeks ago that attorneys are already discussing the structure of the future organization and its proposed license.

But what do you think? Perens has agreed to answer questions from Slashdot readers...

He's also Slashdot reader #3,872. (And Perens is also an amateur radio operator, currently on the board of M17 — a community of open source developers and radio enthusiasts — and in general support of Open Source and Amateur Radio projects through his non-profit HamOpen.org.) But more importantly, Perens "was the person to announce 'Open Source' to the world," according to his official site. Now's your chance to ask him about his next new big idea...

Ask as many questions as you'd like, but please, one per comment. We'll pick the very best questions — and forward them on to Bruce Perens himself to answer!

UPDATE: Bruce Perens has answered your questions!

A ransomware attack on the multinational Stoli Group in August helped push two of the vodka-maker's U.S. subsidiaries into bankruptcy, according to the company's CEO. From a report: In a Texas bankruptcy court filing on November 29, CEO Chris Caldwell attributed a range of external factors to the financial woes of Stoli Group USA and Kentucky Owl (KO) -- which are facing $84 million in debt. But one of the most prominent was a ransomware attack this year that damaged the parent company's IT system.

"In August 2024, the Stoli Group's IT infrastructure suffered severe disruption in the wake of a data breach and ransomware attack," Caldwell said in the filing. "The attack caused substantial operational issues throughout all companies within the Stoli Group, including Stoli USA and KO, due to the Stoli Group's enterprise resource planning (ERP) system being disabled and most of the Stoli Group's internal processes (including accounting functions) being forced into a manual entry mode." Caldwell said the systems will be restored âoeno earlier than in the first quarter of 2025.â

The long-running Advent of Code site just entered its 10th year, with 162,809 people completing both of its Day One puzzles (which involve a hunt for the missing historian of the North Pole). But its not the only site offering Christmas-themed programming puzzles:

• Hundreds of SQL lovers are trying the daily challenges from the "Advent of SQL" site.

• You can sign up for daily emails with webdev challenges from the Advent of JavaScript and Advent of CSS sites.

• The "Advent of No-Code" site challenges you to build something new every day using no-code tools like AI-powered dev environments or the social coding site Val Town.

• TryHackMe.com is publishing "beginner-friendly, daily gamified cyber security challenges" in an event they're calling the "Advent of Cyber."

• And Norway's biggest chess club (founded by world champion Magnus Carlsen) has even launched a site with daily chess puzzles called — what else? — Advent of Chess. (It promises at the end of the event someone will win a chessboard signed by Magnus Carlsen).

An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...

The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."

"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"

China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday. From a report: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure -- and they're proving difficult to kick out. Officials added that they don't yet know the full scope of the intrusions, despite starting the investigation in late spring.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden their networks against Chinese state-sponsored hackers. The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom's environment and changing any default equipment passwords. The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.

The Federal Trade Commission on Tuesday announced sweeping action against some of the most important companies in the location data industry, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship. From a report: Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself.

Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics. The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in "limited circumstances" involving national security or law enforcement.

The cyber risks facing the United Kingdom are being "widely underestimated," the country's new cyber chief will warn on Tuesday as he launches the National Cyber Security Centre's (NCSC) annual review. From a report: In his first major speech since joining the NCSC -- part of the signals and cyber intelligence agency GCHQ -- Richard Horne will drive a shift in tone in how the cybersecurity agency communicates these risks. Despite some evidence showing cyberattacks growing year-on-year for half a decade, the NCSC has not previously confirmed the trend nor expressed alarm about it.

"What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us," Horne will say, according to an advance preview of his speech on Tuesday. Citing the intelligence that NCSC has access to as an agency within GCHQ, Horne will warn that "hostile activity in UK cyberspace has increased in frequency, sophistication and intensity," adding that despite growing activity from Russian and Chinese threat actors, the agency believes British society as a whole is failing to appreciate the severity of the risk. The annual review reveals that the agency's incident management team handled a record number of cyber incidents over the past 12 months -- 430 compared to 371 last year -- 89 of which were considered nationally significant incidents.

China banned exports of minerals and metals used in semiconductor manufacturing and military applications to the United States on Tuesday, escalating tensions in the growing technology trade war between the world's two largest economies.

The commerce ministry halted shipments of gallium, germanium, antimony and related compounds, citing national security concerns. These materials are crucial components in advanced electronics and military hardware, with China controlling 98% of global gallium production and 60% of germanium output, according to U.S. Geological Survey data. The move comes in direct response to Washington's new restrictions on semiconductor exports to China, including controls on high-bandwidth memory chips used in AI systems and limits on manufacturing equipment sales.

An anonymous reader shared this report from Reuters: The rapid increase in satellites and space junk will make low Earth orbit unusable unless companies and countries cooperate and share the data needed to manage that most accessible region of space, experts and industry insiders said. A United Nations panel on space traffic coordination in late October determined that urgent action was necessary and called for a comprehensive shared database of orbital objects as well as an international framework to track and manage them. More than 14,000 satellites including some 3,500 inactive surround the globe in low Earth orbit, showed data from U.S.-based Slingshot Aerospace. Alongside those are about 120 million pieces of debris from launches, collisions and wear-and-tear of which only a few thousand are large enough to track... [T]here is no centralised system that all space-faring nations can leverage and even persuading them to use such a system has many obstacles. Whereas some countries are willing to share data, others fear compromising security, particularly as satellites are often dual-use and include defence purposes. Moreover, enterprises are keen to guard commercial secrets.

In the meantime, the mess multiplies. A Chinese rocket stage exploded in August, adding thousands of fragments of debris to low Earth orbit. In June, a defunct Russian satellite exploded, scattering thousands of shards which forced astronauts on the International Space Station to take shelter for an hour... Projections point to tens of thousands more satellites entering orbit in the coming years. The potential financial risk of collisions is likely to be $556 million over five years, based on a modelled scenario with a 3.13% annual collision probability and $111 million in yearly damages, said Montreal-based NorthStar Earth & Space...

[Aarti Holla-Maini, director of the U.N . Office for Outer Space Affairs], said the October panel aimed to bring together public- and private-sector experts to outline steps needed to start work on coordination. It will present its findings at a committee meeting next year. Global cooperation is essential to developing enforceable rules akin to those used by the International Civil Aviation Organization for air traffic, industry experts told Reuters. Such effort would involve the use of existing tools, such as databases, telescopes, radars and other sensors to track objects while improving coverage, early detection and data precision. Yet geopolitical tension and reluctance to share data with nations deemed unfriendly as well as commercial concerns over protecting proprietary information and competitive advantages remain significant barriers. That leaves operators of orbital equipment relying on informal or semi-formal methods of avoiding collisions, such as drawing on data from the U.S. Space Force or groups like the Space Data Association. However, this can involve issues such as accountability and inconsistent data standards.

"The top challenges are speed — as consensus-building takes time — and trust," Holla-Maini said. "Some countries simply can't communicate with others, but the U.N. can facilitate this process. Speed is our biggest enemy, but there's no alternative. It must be done."
Data from Slingshot Aerospace shows a 17% rise in close approaches per satellite over the past year, according to the article. (It adds that SpaceX data "showed Starlink satellites performed nearly 50,000 collision-avoidance manoeuvres in the first half of 2024, about double the previous six months...)

The European Space Agency, which has fewer spacecraft than SpaceX, said in 2021 its manoeuvres have increased to three or four times per craft versus a historical average of one."

Bluesky (Slashdot is on Bluesky here and Threads here) now has more active website users than Threads in the U.S., according to a graph from the Financial Times. And though Threads still leads in app usage, "Prior to November 5 Threads had five times more daily active users in the U.S. than Bluesky... Now, Threads is only 1.5 times larger than its rival, Similarweb said."

But "the influx of new users has opened up new opportunities for scammers and impersonators," Engadget reported this week: A recent analysis by Alexios Mantzarlis, director of the Security Trust and Safety Initiative at Cornell Tech found that 44 percent of the top 100 most-followed accounts on Bluesky had at least one "doppelganger," with most looking like "cheap knock-offs of the bigger account, down to the same bio and profile picture," Mantzarlis wrote in his newsletter Faked Up.
The article highlighted issues with Bluesky's loose account verification policies. And then, Bluesky announced a new change-of-policy Friday. Engadget reports: The Bluesky Safety account said that the social media service is removing accounts that are impersonating other people and those squatting on handles... Bluesky now requires parody, satire or fan accounts to label themselves as such in both their handles and their bio. If they don't, or if they only indicate the nature of their account in one of those elements, then they'll be treated as an impersonator and will be removed from the platform. Bluesky now explicitly prohibits identity churning, as well. Accounts that start as impersonators with the purpose of gaining new users, and who then switch to a different identity in an attempt to circumvent the ban, will still get booted off the app. Finally, it says it's exploring "additional options to enhance account verification," though they're not quite ready for rollout.
Bluesky says they've "quadrupled the size of our moderation team, in part to action impersonation reports more quickly. We still have a large backlog of moderation reports due to the influx of new users as we shared previously, though we are making progress." And in addition, "We are working behind the scenes to help many organizations and high-profile individuals set up their verified domain handles."

And there's another problem. "The EU's executive arm on Monday said Bluesky didn't provide information it was required to share under the bloc's Digital Services Act," reports Bloomberg. Bluesky responded that it's working to comply, " consulting with its lawyer to follow the EU's information disclosure rules, a Bluesky spokesperson wrote on Tuesday in an email." "All platforms in the EU have to have a dedicated page on their websites where it says how many user numbers they have in the EU and where they are legally established," Thomas Regnier, the commission's spokesperson on digital matters, told reporters. "This is not the case with Bluesky, so this is not followed...."

Under the DSA, platforms with more than 45 million users in the bloc qualify as "very large online platforms" and need to follow stricter content moderation rules under the commission's supervision. Breaches can result in fines of up to 6% of their global annual sales... Smaller platforms are still required to comply with the law, but are regulated by the EU country where they have a legal presence. That's so far unclear in the case of Bluesky, which was created expressly to avoid a centralized ownership structure.

The commission asked EU member countries' national authorities to investigate "and see if they can find any trace of Bluesky" in their jurisdictions, Regnier said

"Spacecraft, satellites, and space-based systems all face cybersecurity threats that are becoming increasingly sophisticated and dangerous," reports CNBC.

"With interconnected technologies controlling everything from navigation to anti-ballistic missiles, a security breach could have catastrophic consequences." Critical space infrastructure is susceptible to threats across three key segments: in space, on the ground segment and within the communication links between the two. A break in one can be a cascading failure for all, said Wayne Lonstein, co-founder and CEO at VFT Solutions, and co-author of Cyber-Human Systems, Space Technologies, and Threats. "In many ways, the threats to critical infrastructure on Earth can cause vulnerabilities in space," Lonstein said. "Internet, power, spoofing and so many other vectors that can cause havoc in space," he added. The integration of artificial intelligence into space projects has heightened the risk of sophisticated cyber attacks orchestrated by state actors and individual hackers. AI integration into space exploration allows more decision-making with less human oversight.

For example, NASA is using AI to target scientific specimens for planetary rovers. However, reduced human oversight could make these missions more prone to unexplained and potentially calamitous cyberattacks, said Sylvester Kaczmarek, chief technology officer at OrbiSky Systems, which specializes in the integration of AI, robotics, cybersecurity, and edge computing in aerospace applications. Data poisoning, where attackers feed corrupted data to AI models, is one example of what could go wrong, Kaczmarek said. Another threat, he said, is model inversion, where adversaries reverse-engineer AI models to extract sensitive information, potentially compromising mission integrity. If compromised, AI systems could be used to interfere with or take control of strategically important national space missions...

The U.S. government is tightening up the integrity and security of AI systems in space. The 2023 Cyberspace Solarium Commission report stressed the importance of designating outer space as a critical infrastructure sector, urging enhanced cybersecurity protocols for satellite operators... The rivalry between the U.S. and China includes the new battleground of space. As both nations ramp up their space ambitions and militarized capabilities beyond Earth's atmosphere, the threat of cyberattacks targeting critical orbital assets has become an increasingly pressing concern... Space-based systems increasingly support critical infrastructure back on Earth, and any cyberattacks on these systems could undermine national security and economic interests.