EU

Google Bard Isn't Available in Any European Union Countries and Canada (9to5google.com) 20

At I/O 2023 earlier this week, Google announced that it's expanding its AI chatbot Google Bard to 180 countries. However, what Google didn't mention is that Bard still isn't available in the European Union. From a report: On a support page, Google details the full list of 180 countries in which Bard is now available. This includes countries all over the globe, but very noticeably not any countries that are a part of the European Union. It's a big absence from what is otherwise a global expansion for Google's AI. The reason why isn't officially stated by Google, but it seems reasonable to believe that it's related to GDPR. Just last month, Italy briefly banned ChatGPT over similar concerns that the AI couldn't comply with the regulations. Google also slyly hints this might be the case saying that further Bard expansions will be made "consistent with local regulations."
Sci-Fi

UFO Hunters Built an Open-Source AI System To Scan the Skies (vice.com) 72

An anonymous reader shares an excerpt from a Motherboard article: Now, frustrated with a lack of transparency and trust around official accounts of UFO phenomena, a team of developers has decided to take matters into their own hands with an open source citizen science project called Sky360, which aims to blanket the earth in affordable monitoring stations to watch the skies 24/7, and even plans to use AI and machine learning to spot anomalous behavior. Unlike earlier 20th century efforts such as inventors proposing "geomagnetic detectors" to discover nearby UFOs, or more recent software like the short-lived UFO ID project, Sky360 hopes that it can establish a network of autonomously operating surveillance units to gather real-time data of our skies. Citizen-led UFO research is not new. Organizations like MUFON, founded in 1969, have long investigated sightings, while amateur groups like the American Flying Saucer Investigating Committee of Columbus even ran statistical analysis on sightings in the 1960s (finding that most of them happened on Wednesdays). However, Sky360 believes that the level of interest and the technology have now both reached an inflection point, where citizen researchers can actually generate large-scale actionable data for analysis all on their own.

The Sky360 stations consist of an AllSkyCam with a wide angle fish-eye lens and a pan-tilt-focus camera, with the fish-eye camera registering all movement. Underlying software performs an initial rough analysis of these events, and decides whether to activate other sensors -- and if so, the pan-tilt-focus camera zooms in on the object, tracks it, and further analyzes it. According to developer Nikola Galiot, the software is currently based on a computer vision "background subtraction" algorithm that detects any motion in the frame compared to previous frames captured; anything that moves is then tracked as long as possible and then automatically classified. The idea is that the more data these monitoring stations acquire, the better the classification will be. There are a combination of AI models under the hood, and the system is built using the open-source TensorFlow machine learning platform so it can be deployed on almost any computer. Next, the all-volunteer team wants to create a single algorithm capable of detection, tracking and classification all in one.

All the hardware components, from the cameras to passive radar and temperature gauges, can be bought cheaply and off-the-shelf worldwide -- with the ultimate goal of finding the most effective combinations for the lowest price. Schematics, blueprints, and suggested equipment are all available on the Sky360 site and interested parties are encouraged to join the project's Discord server. There are currently 20 stations set up across the world, from the USA to Canada to more remote regions like the Azores in the middle of the Atlantic [...] Once enough of the Sky360 stations have been deployed, the next step is to work towards real-time monitoring, drawing all the data together, and analyzing it. By striving to create a huge, open, transparent network, anyone would be free to examine the data themselves.

In June of this year, Sky360, which has a team of 30 volunteer developers working on the software, hopes to release its first developer-oriented open source build. At its heart is a component called 'SimpleTracker', which receives images frame by frame from the cameras, auto-adjusting parameters to get the best picture possible. The component determines whether something in the frame is moving, and if so, another analysis is performed, where a machine learning algorithm trained on the trajectories of normal flying objects like planes, birds, or insects, attempts to classify the object based on its movement. If it seems anomalous, it's flagged for further investigation.

The Almighty Buck

Metaverse Could Contribute Up To 2.4% of US GDP By 2035, Study Shows (reuters.com) 88

A study commissioned by Meta has found that the metaverse could contribute around 2.4% to U.S. annual GDP by 2035, equating to as much as $760 billion. Reuters reports: The concept of the metaverse includes augmented and virtual reality technologies that allow users to immerse themselves in a virtual world or overlay information digitally on images of the real world, according to the report by consulting firm Deloitte. Economic gains may come from the use of the technologies in the defense, medical and manufacturing sectors, plus entertainment use cases such as video games and communication, the report said.

Social media giant Meta, which pivoted its focus on building metaverse technologies in 2021, has forecast the tech would eventually replace mobile as the main computing platform. In a separate report, Meta said the European Union may see an increased economic opportunity of up to 489 billion euros ($538.29 billion) in annual GDP by 2035 or about 1.3%-2.4% of its total GDP. The metaverse could contribute between C$45.3 billion ($33.88 billion) and C$85.5 billion to Canada's annual GDP by 2035, Deloitte said.
Last year, a Meta-funded report estimated that metaverse adoption would contribute $3.01 trillion by 2031.
AI

What Happens When AI Tries to Generate a Pizza Commercial? (today.com) 61

The Today show's food reporter delivers a strange report on a viral AI-generated ad "for an imaginary pizza place called 'Pepperoni Hug Spot'."

Everything looks slightly ... off. Generated by AI, the audience is reminded constantly through the uncanny valley that the people aren't real — and neither is the pizza. "Cheese, pepperoni, vegetable, and more secret things," says the voiceover, which is also artificially generated... "Knock, knock, who's there? Pizza magic," the AI narrator says after a delivery driver (whose steering column is on the left side of his car) is shown delivering a pizza.

"Eat Pepperoni Hug Spot pizza. Your tummy say 'Thank you.' Your mouth say, 'Mmm,'" the ad continues while showing a trio of women eating pizza in the oddest possible fashion, complete with bizarre cheese pulls and facial contortions out of a food-based nightmare. "Pepperoni Hug Spot: Like family, but with more cheese..."

Using AI technologies Runway Gen2, Chat GPT4, Eleven Labs, Midjourney and Soundraw AI, the creator was able to produce the background music, voiceover, graphics, video and even generate the script for the ad. "I used Adobe After Effects to combine all the elements, adding title cards, transitions, and graphics," he adds... Seeing it spread, he whipped up a website that fit the uncanny vibe of the commercial and even created merch including hats and T-shirts.

"I figured I should capitalize on my 15 minutes of internet fame, right?" he jokes.

Twitter CEO Elon Musk "simply responded with an exploding head emoji."

And Pizza Hut's official Twitter account posted their reaction: "My heebies have been jeebied."

UPDATE: Saturday Pizza Hut Canada "transformed" one of its restaurants into the restaurant from the commercial, emblazoning the logo for Pepperoni Hug Spot onto its boxes, employee t-shirts, and the sign outside. There are two videos on the official Instagram feed for Pizza Hut Canada (which for the occasion changed its tagline to "Like family, but with more cheese.")

One video closes by promising the pizza does, indeed, contain "secret things."
Books

'Free Comic Book Day' 2023 Celebrations Include 'Ant-Sized' Blu-Ray Discs (freecomicbookday.com) 10

All across North America today, over 2,000 comic book stores are celebrating Free Comic Book Day. As it enters its third decade — the event started in 2001, according to Wikipedia — there'll be over two dozen free comic books to choose from this year, and enthusiastic stores trying to dial up the fun even more.

16 stores are also giving away Ant-Man and The Wasp: Quantumania in special "ant-sized" boxes — the size of a penny — with tiny versions of the cover art from the full-sized Blu-Ray disc boxes (along with a code for a digital version of the movie). The Bleeding Cool site has a running list of stores doing additional special "cool stuff," including cookie giveaways, discounts on paperbacks and comic books, and personal appearances by comic book writers and artists.

Geek-friendly free comic books this year:

Bleeding Cool also previews the artwork from Star Trek: Prelude to Day of Blood, a teaser for a coming "comic book crossover event between IDW's main Star Trek comic and the Star Trek: Defiant series" (that's also accompanied by a Lower Decks comic book story).

Just remember, in 2017 NPR had this advice for visiting comics fans. "While you're there, buy something... The comics shops still have to pay for the 'free' FCBD books they stock, and they're counting on the increased foot traffic to lift sales."


Google

Google, Sonos Head To Trial in Contentious Smart Speaker Patent Fight (reuters.com) 8

Sonos and Alphabet's Google will face off in a San Francisco federal trial on Monday over claims that Google copied Sonos' patented smart-speaker technology in wireless audio devices like Google Home and Chromecast Audio. From a report: The case is part of a sprawling intellectual property dispute between the former business partners that includes other lawsuits in the U.S., Canada, France, Germany and the Netherlands. Sonos has asked the court for $90 million in damages from Google in the San Francisco case, down from $3 billion after U.S. District Judge William Alsup narrowed the case, according to a Google court filing. Sonos alleges Google infringed two of its patents related to multi-room wireless audio. Google spokesperson Jose Castaneda said the case relates to "some very specific features that are not commonly used," and that Sonos "mischaracterized our partnership and technology."
Businesses

Stripe, a Longtime Partner of Lyft, Signs a Big Deal With Uber (techcrunch.com) 5

An anonymous reader quotes a report from TechCrunch: Growth at $50 billion fintech Stripe has been slowing this year, but one of its key strategies to reverse that course got a decent push today: Stripe is announcing that it has inked a "strategic payments partnership" with Uber. The pair will work together initially on selected services in eight of Uber's biggest markets, including the U.S., the U.K., Canada, Mexico, Australia and Japan. Some context on this deal: Uber's big U.S. rival Lyft has been a longtime marquee customer of Stripe's for payments, and whether or not it was true, that was one reason some assumed Uber and Stripe would not work together. Uber is, however, a much bigger beast, at close to $100 billion transacted annually (Stripe processed $817 billion last year). And Uber is not just a force globally but in the U.S. specifically, where one estimate from YipIt (via WSJ) puts Uber's rideshare market share currently at a whopping 74%.

Lyft will remain a customer of Stripe's, Stripe president Will Gaybrick confirmed to TechCrunch. Financial terms of the deal are not being disclosed, but as with the rest of Stripe's payments business, a big component will come from commissions that Stripe will make from each transaction that it powers on Uber's platform. The Uber partnership, expected to be announced formally later today at Stripe's user conference, comes on the heels of recent enterprise deals Stripe has inked with Amazon, Microsoft and BMW. But this partnership -- for now at least -- is not a global adoption of all that Stripe has to offer. Uber will be using Stripe to break into a specific, new payments frontier. Specifically, it will integrate Stripe Financial Connections and Link to let users import banking details to pay for services like Uber Rides and Eats directly from bank accounts, giving users a payments alternative to credit or debit cards.

Transportation

Transition to EVs Cited as More Automakers Reduce Workforces (seattletimes.com) 148

This February Ford cut 3,800 jobs, according to CNN, "citing difficult economic conditions and its major push toward electric vehicles... The veteran automaker said the layoffs were primarily triggered by its transition to electric vehicles, and a reduction in 'vehicle complexity.'"

Then in March GM also "unexpectedly cut several hundred jobs to help it trim costs and form a top-tier workforce to guide its transition to an all-electric car company," according to the Detroit Free Press — while later also announcing buyouts to try to "accelerate attrition." A spokesperson explained that GM wanted "to reduce vehicle complexity and expand the use of shared systems between its internal combustion engine and future electric vehicle programs."

Up next is Stellantis, the multinational automotive giant formed when Fiat-Chrysler merged with PSA Group in 2021. It's now "trying to cut its workforce to trim expenses and stay competitive," reports the Associated Press, "as the industry makes the long and costly transition to electric vehicles." Stellantis on Wednesday said it's offering buyouts to groups of white-collar and unionized employees in the U.S., as well as hourly workers in Canada. The cuts are "in response to today's increasingly competitive global market conditions and the necessary shift to electrification," the company said in a prepared statement.

Stellantis said it's looking to reduce its hourly workforce by about 3,500, but wouldn't say how many salaried employees it's targeting. The company has about 56,000 workers in the U.S., and about 33,000 of them could get the offers. Of those, 31,000 are blue-collar workers and 2,500 salaried employees. The company has another 8,000 union workers in Canada, but it would not say how many will get offers...

The offers follow Ford and General Motors, which have trimmed their workforces in the past year through buyout offers. About 5,000 white-collar workers took General Motors up on offers to leave the company this year. Ford cut about 3,000 contract and full-time salaried workers last summer, giving them severance packages.

The article adds that Shawn Fain, the new president of the United Auto Workers union, has told reporters "that he's unhappy with all three companies" over attempts to unionize "new joint-venture factories that will make battery cells for future electric vehicles."

The Detroit Free Press has specifics: He said, for instance, that the wages are lower at the GM and LG Energy Solution Ultium Cells joint venture in Ohio compared with other auto production jobs even though the work is potentially dangerous and requires significant training... The EV transformation is crucial for the future of the industry and its workers, and the union expects its members not to "get lost in the transition," Fain said, noting that jobs are needed "that raise people up, not take us back."
Communications

SpaceX, Rogers Strike Deal for Satellite Phone Service in Canada (bloomberg.com) 17

SpaceX and Rogers Communications struck a deal for satellite phone service in Canada -- a bid to bring emergency service to remote areas of the vast country that can't be reached through conventional wireless networks. From a report: The companies will use SpaceX's Starlink low-earth orbit satellites and begin with text service before adding voice and data coverage later, Rogers said in a statement. It didn't give a launch date for the new service. "In the future, these investments will deliver wireless connectivity, including access to 911, to even the most remote areas," Rogers Chief Executive Officer Tony Staffieri said in a statement. Staffieri was due to speak about the arrangement during his speech at the company's annual meeting on Wednesday.
Businesses

Amazon Starts Layoffs in HR and Cloud Units (cnbc.com) 21

Amazon on Wednesday began laying off some employees in its cloud computing and human resources divisions. From a report: Amazon Web Services CEO Adam Selipsky and human resources head Beth Galetti sent notes to staffers in the U.S., Canada and Costa Rica informing them of the job cuts. "It is a tough day across our organization," Selipsky wrote in the memo. The layoffs are part of the previously announced job cuts that are expected to affect 9,000 employees. Last week, Amazon laid off some employees in its advertising unit, and it has let go of staffers in its video games and Twitch livestreaming units in recent weeks. Amazon wrapped up a separate round of cuts earlier this year that affected approximately 18,000 employees. Combined with the cuts this month, it marks the largest layoffs in Amazon's 29-year history. Amazon CEO Andy Jassy has been aggressively slashing costs across the company as the e-retailer reckons with an economic downturn and slowing growth in its core retail business. Amazon froze hiring in its corporate workforce, axed some experimental projects and slowed warehouse expansion.
Television

Netflix Loses 1 Million Spanish Users Over Password Policing (bloomberg.com) 119

Netflix lost more than one million users in Spain in the first three months of 2023 according to market research group Kantar, a sign that the streaming giant's crackdown on password-sharing could backfire. From a report: In early February, Spain became one of Netflix's first markets to introduce a monthly fee for users who shared their log-in details with another household and technical measures to detect such sharing. The move was linked to a fall in users of more than a million, two thirds of whom were using someone else's password, according to Kantar's research, which is based on surveys of household streaming habits.

"It's clear this steep drop is due to the crackdown," said Dominic Sunnebo, global insight director at Kantar's Worldpanel Division, adding that the loss of a million users, even if most weren't paid subscribers, would be a blow to Netflix in terms of word of mouth recommendation for its shows and service. Subscription cancellations in the first quarter tripled compared to the previous period, according to Kantar's research. Of all remaining Netflix subscribers in Spain, one-tenth said they planned to unsubscribe in the second quarter. Spanish subscribers are charged $6.57 a month to add members outside their household. A similar fee was introduced in Portugal, Canada and New Zealand after a roll-out in several Latin American countries.

AI

ChatGPT Creates Mostly Insecure Code, But Won't Tell You Unless You Ask 80

ChatGPT, OpenAI's large language model for chatbots, not only produces mostly insecure code but also fails to alert users to its inadequacies despite being capable of pointing out its shortcomings. The Register reports: Amid the frenzy of academic interest in the possibilities and limitations of large language models, four researchers affiliated with Universite du Quebec, in Canada, have delved into the security of code generated by ChatGPT, the non-intelligent, text-regurgitating bot from OpenAI. In a pre-press paper titled, "How Secure is Code Generated by ChatGPT?" computer scientists Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou Camara answer the question with research that can be summarized as "not very."

"The results were worrisome," the authors state in their paper. "We found that, in several cases, the code generated by ChatGPT fell well below minimal security standards applicable in most contexts. In fact, when prodded to whether or not the produced code was secure, ChatGPT was able to recognize that it was not." [...] In all, ChatGPT managed to generate just five secure programs out of 21 on its first attempt. After further prompting to correct its missteps, the large language model managed to produce seven more secure apps -- though that's "secure" only as it pertains to the specific vulnerability being evaluated. It's not an assertion that the final code is free of any other exploitable condition. [...]

The academics observe in their paper that part of the problem appears to arise from ChatGPT not assuming an adversarial model of code execution. The model, they say, "repeatedly informed us that security problems can be circumvented simply by 'not feeding an invalid input' to the vulnerable program it has created." Yet, they say, "ChatGPT seems aware of -- and indeed readily admits -- the presence of critical vulnerabilities in the code it suggests." It just doesn't say anything unless asked to evaluate the security of its own code suggestions.

Initially, ChatGPT's response to security concerns was to recommend only using valid inputs -- something of a non-starter in the real world. It was only afterward, when prompted to remediate problems, that the AI model provided useful guidance. That's not ideal, the authors suggest, because knowing which questions to ask presupposes familiarity with specific vulnerabilities and coding techniques. The authors also point out that there's ethical inconsistency in the fact that ChatGPT will refuse to create attack code but will create vulnerable code.
Bitcoin

Ontario Teachers Fund Steers Clear of Crypto After $95 Million FTX Loss (ft.com) 32

Canada's $190bn Ontario Teachers' Pension Plan says it is steering clear of the cryptocurrency sector after writing off a $95mn investment in FTX, the failed digital currency exchange. From a report: OTPP was among a number of big-name money managers to back FTX, with investments in 2021 and early 2022. The move was widely seen as a sign that high-profile, blue-chip investors were giving their stamp of approval to the fast-growing but lightly regulated crypto sector. But in November 2022 OTPP wrote off its entire stake, following FTX's dramatic collapse. The exchange's high-profile founder, Sam Bankman-Fried, is now facing fraud charges. "We're still working through what exactly happened there and you're going to be careful," OTPP chief executive Jo Taylor told the Financial Times. "It'd be unwise for us to rush" into another crypto investment based in part on "feedback from our members," he added.
Links

Man Battling Google Wins $500K For Search Result Links Calling Him a Pedophile (arstechnica.com) 32

An anonymous reader quotes a report from Ars Technica: A Montreal man spent years trying to hold Google accountable for search results linking to a defamatory post falsely accusing him of pedophilia that he said ruined his career. Now Google must pay $500,000 after a Quebec Supreme Court judge ruled that Google relied on an "erroneous" interpretation of Canadian law in denying the man's requests to remove the links. "Google variously ignored the Plaintiff, told him it could do nothing, told him it could remove the hyperlink on the Canadian version of its search engine but not the US one, but then allowed it to re-appear on the Canadian version after a 2011 judgment of the Supreme Court of Canada in an unrelated matter involving the publication of hyperlinks," judge Azimuddin Hussain wrote in his decision (PDF) issued on March 28.

The plaintiff was granted anonymity throughout the proceedings. Google has been ordered not to disclose any identifiable information about him in connection to the case for 45 days. The tech company must also remove all links to the defamatory post in search results viewable in Quebec. [...] Instead of compensatory and punitive damages originally sought -- amounting to $6 million -- the man was awarded $500,000 for moral injuries caused after successfully arguing that he lost business deals and suffered strains on his personal relationships due to being wrongly stigmatized as a pedophile. Hussain described the plaintiff's experience battling Google to preserve his reputation as a "waking nightmare." Due to Google's refusals to remove the defamatory posts, the man "found himself helpless in a surreal and excruciating contemporary online ecosystem as he lived through a dark odyssey to have the Defamatory Post removed from public circulation," Hussain wrote. The plaintiff, now in his early 70s, has the option to appeal the judge's order that Google may not release any of his identifiable information for 45 days.

Crime

Nintendo 'Hacker' Gary Bowser Released From Federal Prison (torrentfreak.com) 73

An anonymous reader quotes a report from TorrentFreak: Last year, a U.S. federal court handed a 40-month prison sentence to Gary Bowser. The Canadian pleaded guilty to being part of the Nintendo hacking group "Team Xecuter" and has now served his time. In part due to his good behavior, Bowser got an early release from federal prison. [...] In a recent video interview with Nick Moses, Bowser explains that he was released from federal prison on March 28th. He is currently in processing at the Northwest Detention Center in Tacoma, Washington, to prepare for his return to Canada.

What his life will look like in Canada remains uncertain. However, in federal prison, Bowser has shown that he doesn't shy away from putting in work and helping other people in need. Aside from his prison job, he spent several nightly hours on suicide watch. The prison job brought in some meager income, a large part of which went to pay for the outstanding restitution he has to pay, which is $14.5 million in total. Thus far, less than $200 has been paid off. "I've been making payments of $25 per month, which they've been taking from my income because I had a job in federal prison. So far I paid $175," Bowser tells Nick Moses.

If Bowser manages to find a stable source of income in Canada, Nintendo will get a chunk of that as well. As part of a consent judgment, he agreed to pay $10 million to Nintendo, which is the main restitution priority. "The agreement with them is that the maximum they can take is 25 to 30 percent of your gross monthly income. And I have up to six months before I have to start making payments," Bowser notes. At that rate, it is unlikely that Nintendo will ever see the full amount. Or put differently, Bowser will carry the financial consequences of his Team-Xecuter involvement for the rest of his life.

Privacy

Netflix Password Sharing Crackdown To Expand To US In Q2 2023 (macrumors.com) 111

Netflix is planning a "broad rollout" of the password sharing crackdown that it began implementing in 2022, the company said today in its Q1 2023 earnings report (PDF). MacRumors reports: The "paid sharing" plan that Netflix has been testing in a limited number of countries will expand to additional countries in the second quarter, including the United States. Netflix said that it was "pleased with the results" of the password sharing restrictions that it implemented in Canada, New Zealand, Spain, and Portugal earlier this year. Netflix initially planned to start eliminating password sharing in the United States in the first quarter of the year, but the company said that it had learned from its tests and "found opportunities to improve the experience for members." There is a "cancel reaction" expected in each market where paid sharing is implemented, but increased revenue comes later as borrowers activate their own Netflix accounts and existing members add "extra member" accounts.

In Canada, paid sharing resulted in a larger Netflix membership base and an acceleration in revenue growth, which has given Netflix the confidence to expand it to the United States. When Netflix brings its paid sharing rules to the United States, multi-household account use will no longer be permitted. Netflix subscribers who share an account with those who do not live with them will need to pay for an additional member. In Canada, Netflix charges $7.99 CAD for an extra member, which is around $6. [...] Netflix claims that more than 100 million households are sharing accounts, which is impacting its ability to "invest in and improve Netflix" for paying members.

Electronic Frontier Foundation

EFF Warns US 'Deserves Stronger Spyware Protections Than Biden's Executive Order' (eff.org) 31

In March U.S. President Joe Biden "signed an executive order that limits U.S. government agencies from using commercially available spyware," writes EFF senior policy analyst Matthew Guariglia.

"But that doesn't mean there will be no government use of spyware in the United States...." The executive order arrived only days before revelations that the United States, which was previously thought to have steered clear of some of the most infamous foreign spyware products, actually had a contract to test and deploy the notorious Pegasus created by Israeli company NSO Group. The contract was signed under a fake name on November 8, 2021 between an organization that acts as a front for the U.S. government and an American affiliate of NSO group. Only five days before, on November 3, 2021, the U.S. Commerce Department added NSO Group and other foreign spyware companies to a blacklist — the "Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States." So the signing of this straw contract was in apparent breach of this ban. NSO Group is just one of the companies that should be covered by the new executive order....

Though the NSO Group's Pegasus spyware has garnered particular attention for its widespread use against human rights advocates, journalists, and politicians, the executive order did not name any company specifically, keeping the policy broad. This may lead some government agencies to think that their purchase of foreign spyware might fly under the radar if it comes from another, smaller vendor, or the vendor can plausibly deny that it is really spyware that they are selling. We urge the Biden administration to publish a non-exhaustive list of spyware companies included as part of this ban. That would send a clear message to agencies who wish to exploit any ambiguity in order to skirt the law.

The EFF applauds the U.S. order for specifying ways in which spyware is not to be used — including a ban on its use against journalists, activists, political figures, and any U.S. person "without proper legal authorization, safeguards, and oversight." And the EFF also notes positive signs of progress towards stopping government misuse of spyware:

Building upon the U.S. executive order, a global coalition of eleven countries, including Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States, are working towards a common goal of countering the misuse of commercial spyware. This alliance is committed to establishing robust guardrails and procedures that uphold fundamental human rights, civil liberties, and the rule of law, within each of their respective systems.

But the EFF also points out the biggest concern of the U.S. government appears to be with the dangers in spyware that's foreign made. "While this signals discomfort with foreign-made spyware, no one should take this as an indication that the U.S. government is averse to using similar technologies developed internally, or indeed acquiring foreign spyware companies for domestic use.

"Given the government's long history of using and abusing incredibly invasive techniques, people in the United States should push for robust human rights safeguards to ensure the government won't proceed with only the minor restrictions of this executive order to rein them in."
Government

Government Cybersecurity Agencies Unite to Urge Secure Software Design Practices (cisa.gov) 38

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing "joint guidance" for software manufacturers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. "To create a future where technology and associated products are safe for customers," they wrote in a joint statement, "the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers."

The Washington Post reports: Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The "principles and approaches" document, which isn't mandatory but lays out the agencies' views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It's part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration's national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products... The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away....

The [international affairs think tank] Atlantic Council's Cyber Statecraft Initiative has praised the Biden administration's desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. "They're on a righteous mission," Trey Herr, director of the Atlantic Council initiative, told me. If today's guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, "this is a really strong start, and an important one."

"It really takes aim at security features as a profit center," which for some companies has led to a lot of financial growth, Herr said. "I do think that's going to rub people the wrong way and quick, but that's good. That's a good fight."

In the statement CISA's director says consumers also have a role to play in this transition. "As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else."

Among other things, the new guidelines say that manufacturers "are encouraged to make hard tradeoffs and investments, including those that will be 'invisible' to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities."
Patents

Google Must Face Trial Over Sonos Patents, California Judge Says (reuters.com) 6

Alphabet's Google received a mixed ruling on Thursday from a San Francisco federal judge in a patent lawsuit brought by Sonos over wireless audio technology, failing to invalidate all of the patents before a trial but narrowing Sonos' claims. Reuters reports: The case, set for trial May 8, is part of a contentious intellectual property dispute between the former business partners over their smart speakers that includes lawsuits in the United States, Canada, France, Germany and the Netherlands. Sonos won a limited import ban on some Google devices from the U.S. International Trade Commission (ITC) last year, while Google has sued Sonos for patent infringement at the ITC and in California. [...]

Sonos accused Google in the San Francisco case of infringing four patents related to multi-room wireless speaker technology. U.S. District Judge William Alsup previously invalidated one of the patents and determined Google infringed another. Alsup found Thursday that a second Sonos patent was also invalid, but rejected Google's request to cancel the remaining two patents before trial. The judge also said Google did not infringe one of the surviving patents willfully, reducing Sonos' potential damages. Alsup also said he would hold a separate bench trial after the jury trial to determine whether Google's redesigned speakers infringe Sonos' patents.

Transportation

Ford To Spend $1.3 Billion To Transform Canada Factory Into EV Manufacturing Hub (techcrunch.com) 38

Ford said Tuesday it will spend $1.34 billion (C$1.8B) to turn its 70-year-old Oakville facility in Canada into an assembly plant for its next generation of electric vehicles. TechCrunch reports: The campus, which first opened in 1953, will be renamed Oakville Electric Vehicle Complex. The company said Tuesday it will begin modernizing the 487-acre site in the second quarter of 2024. The upgrade includes completely retooling the facility that currently produces the internal combustion engine-powered Ford Edge and Lincoln Nautilus to one that only produces EVs. This is the first time that Ford has completely retooled an existing plant for EVs in North America.

Ford also plans to add a 407,000-square-foot battery plant that will use cells and arrays from its BlueOval SK Battery Park in Kentucky. Workers will assemble the components into battery packs and then install them into EVs produced at the plant. "I'm most excited for the world to see the incredible next-generation electric and fully digitally connected vehicles produced in Oakville," CEO Jim Farley said in a statement.
