ABC News reports: A highly anticipated UFO report prepared by the U.S. intelligence community is expected to be presented to congressional committees on Friday, according to a U.S. official, but officials have told ABC News the report will not provide definitive explanations for the dozens of encounters reported by the U.S. military with unidentified aerial phenomena, or UAPs. And in a development certain to disappoint UFO enthusiasts who have hoped that the report may have found links to alien spacecraft, the report has not found any evidence to suggest any links to such theories, according to three officials. The report prepared by the Director of National Intelligence (DNI) was required by the Intelligence Authorization Act passed by Congress late last year. The U.S. intelligence community was given 180 days to prepare an unclassified and classified report on what the U.S. government knew about UAP's.

In a blog post today, Google announced a series of new security enhancements that will make many publicly accessible Google Drive links no longer accessible. The enhancements are being brought to Google Drive on September 23rd, 2021. XDA Developers reports: Once this change goes live, Google says that users will need a "resource key" to access a publicly shared link. However, users won't need an updated link with said resource key appended if they've already accessed that file before in the past. As a result of this change, we can imagine that lots of Google Drive links shared online on forums and other sites will no longer work as their owners neglect to update them, leaving them only accessible to the people that have already clicked the links before.

According to the post made on the Google Workspace blog, this won't affect all files. Users who have shared a file that is affected by this change will get an email from Google informing them of this change and how to opt out of needing those files from being updated. These emails will be sent out to users starting on July 26th. Google shared a copy of a sample email to show end-users what the message they'll get will look like. The company doesn't recommend opting out all files and says that only the files that you want publicly accessible should be opted out. Users have until September 13th to decide if they want the update applied, so if you have no files that are publicly accessible, then you won't need to do anything. YouTube is also making similar changes. "Starting on July 23, Unlisted videos uploaded before the January 1, 2017, system change will be automatically made private," reports 9to5Google. "That said, YouTube creators can decide to opt out of this change. Filling out this form will let you 'keep your Unlisted videos uploaded before 2017 in their current Unlisted state.' Other options include making Unlisted pre-2017 videos public or re-uploading as a new Unlisted video at the expense of stats."

Tim Berners-Lee has defended his decision to auction an NFT (non-fungible token) representing the source code to the web, comparing the sale to an autographed book or a speaking tour. From a report: The creator of the world wide web announced his decision to create and sell the digital asset through Sotheby's auction house last week. In the auction, which begins on Wednesday and will run for one week, collectors will have the chance to bid on a bundle of items, including the 10,000 lines of the source code to the original web browser, a digital poster created by Berners-Lee representing the code, a letter from him, and an animated video showing the code being entered.

"This is totally aligned with the values of the web," Berners-Lee told the Guardian. "The questions I've got, they said: 'Oh, that doesn't sound like the free and open web.' Well, wait a minute, the web is just as free and just as open as it always was. The core codes and protocols on the web are royalty free, just as they always have been. I'm not selling the web -- you won't have to start paying money to follow links. "I'm not even selling the source code. I'm selling a picture that I made, with a Python programme that I wrote myself, of what the source code would look like if it was stuck on the wall and signed by me. "If they felt that me selling an NFT of a poster is inappropriate, then what about me selling a book? I do things like that, which involve money, but the free and open web is still free and open. And we do still, every now and again, have to fight to keep it free and open, fight for net neutrality and so on."

An anonymous reader quotes a report from BleepingComputing: The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. [...] Two of the leaked archives are quite large, weighing over 100GB, but several of them that could have been easily downloaded are less than 1.1GB large. Per the file metadata published by the threat actor, the largest archive is close to 300GB and its name gives no clue about what it might contain. Another large one is 117GB in size and its name is just as nondescript as in the case of the first one (Archive#2). Judging by the names of the archives, Ragnar Locker likely stole from ADATA documents containing financial information, non-disclosure agreements, among other type of details.

The ransomware attack on ADATA happened on May 23rd, 2021, forcing them to take systems offline, the company told BleepingComputer. As the Ragnar Locker leak clearly shows, ADATA did not pay the ransom and restored the affected systems on its own. The ransomware actor claims stealing 1.5TB of sensitive files before deploying the encryption routine, saying that they took their time in the process because of the poor network defenses. The recently leaked batch of archives is the second one that Ragnar Locker ransomware publishes for ADATA. The previous one was posted earlier this month and includes four small 7-zip archives (less than 250MB together) that can still be downloaded.

Facebook's Clubhouse competitor, Live Audio Rooms, is making its way stateside. From a report: The company announced today that some US-based public figures, as well as certain groups, can start hosting rooms through the main Facebook iOS app. (People can join, however, from both iOS and Android.) Anyone can be invited up as a speaker with up to 50 people able to speak at once. There's no cap on the number of listeners allowed in -- a major shot at Clubhouse, which imposes room size limitations. It's also introducing other nifty features, like notifications when your friends or followers join a room, as well as live captions. There will be a "raise a hand" button to request to join the conversation, and reactions will be available to to interact throughout the chat. Twitter Spaces, Twitter's live audio feature, includes captions, but Clubhouse still does not.

Within groups, admins can control who's allowed to create a room: moderators, group members, or other admins. Public group chats will be accessible both in and outside the group, but private group chats will be restricted to members. Additionally, hosts can also select a nonprofit or fundraiser to support during their conversation with a button to directly donate showing up on the chat. Again, this feels like a feature directly built to address a key Clubhouse use case and make it frictionless. (Many Clubhouse creators have hosted fundraisers on the app but have to direct people to outside links in order to facilitate donations.)

"Everything from Visual Studio Code to Microsoft Edge and Teams package links were affected," reports Windows Central. They note Azure's status page (which now shows the issue lasting for more than 22 hours), though however long it lasted, "it's a virtual eternity for those whose entire ecosystem is crippled by such an outage."

According to Ars Technica, starting on Wednesday, "packages.microsoft.com — the repository from which Microsoft serves software installers for Linux distributions including CentOS, Debian, Fedora, OpenSUSE, and more — went down hard..." The outage impacted users trying to install .NET Core, Microsoft Teams, Microsoft SQL Server for Linux (yes, that's a thing) and more — as well as Azure's own devops pipelines.

We first became aware of the problem Wednesday evening when we saw 404 errors in the output of apt update on an Ubuntu workstation with Microsoft Teams installed. The outage is somewhat better-documented at this .NET Core issue report on Github, with many users from all around the world sharing their experiences and theories...

The entire repository cluster that serves all Linux packages for Microsoft was completely down — issuing a range of HTTP 404 (content not found) and 500 (Internal Server Error) messages for any URL — for roughly 18 hours. Microsoft engineer Rahul Bhandari confirmed the outage roughly five hours after it was initially reported, with a cryptic comment about the infrastructure team "running into some space issues."

Eighteen hours after the issue was detailed, Bhandari said that the mirrors were once again available — although with temporarily degraded performance, likely due to cold caches.

A month ago, Amazon-first gadget brands Aukey and Mpow suddenly and mysteriously disappeared from the giant online retailer's storefront, with almost all their electronics vanishing from Amazon's shelves. Today, popular battery and charger brand RavPower has completely disappeared as well. From a report: All of the company's product listings have disappeared, leaving blank white spaces in RavPower's Amazon storefront. Searches for "RavPower" don't bring up any listings for products made by the company. Existing links to RavPower products either point to Amazon's "Sorry, we couldn't find that page" cute 404 dogs, or listings that read "Currently unavailable." By and large, this is exactly what happened to Aukey, Mpow, and other lesser-known electronics retailers last month -- except here, whoever did this has been a bit more thorough.

Russia's government was quick to use social media when it tried to steer the course of U.S. elections, American officials say. It isn't quite as eager to see its own opponents at home try the same thing. From a report: Ahead of a parliamentary vote later this year, the Kremlin has been fine-tuning its strategy to pressure platforms such as Twitter, YouTube and TikTok to remove antigovernment content, classifying a growing number of posts as illegal and issuing a flurry of takedown requests. So far it appears to be working. The Western-dominated tech giants have in many instances complied. YouTube temporarily removed links to content laying out the opposition's voting strategy. Russian officials say Twitter is working to comply with requests to remove content that Moscow deems illegal. TikTok, owned by China's ByteDance, also removed or altered a handful of videos that criticized the government and promoted opposition street protests. TikTok, Twitter and Google, the Alphabet subsidiary that owns YouTube, say they decide whether to delete content based on local laws where they operate and on their own internal guidelines. None of the companies commented on specific cases mentioned in this article.

From today's edition of Mike Melanson's "This Week in Programming" column: If you've been using open source software for any amount of time, then you're well aware of the tangled web of dependencies often involved in such projects. If not, there's any number of tools out there that explore just how interconnected everything is, and this week Google has jumped into the game with its own offering — an exploratory visualization site called Open Source Insights that gives users an interactive view of dependencies of open source projects.

Now, Google isn't the first to get into the game of trying to uncover and perhaps untangle the dizzying dependency graph of the open source world, but the company argues that it is more so trying to lay everything out in a way that developers can see, visually, just how, well, hopelessly screwed they really are.

"There are tools to help, of course: vulnerability scanners and dependency audits that can help identify when a package is exposed to a vulnerability. But it can still be difficult to visualize the big picture, to understand what you depend on, and what that implies," they write.

The Open Source Insights tool — currently "experimental" — gives users either a table or graphical visualization of how a project is composed, allowing them to explore the dependency graph and examine how using different versions of certain projects might actually affect that dependency graph. One of the benefits, Google notes, is that it allows users to see all this information "without asking you to install the package first. You can see instantly what installing a package — or an updated version — might mean for your project, how popular it is, find links to source code and other information, and then decide whether it should be installed."

Currently, the tool supports npm, Maven, Go modules, and Cargo, with more packaging systems on the way soon...

Matt Stoller, looking at this month's antitrust suit against Amazon filed by D.C. attorney general Karl Racine: To understand why, we have to start with the idea of free shipping. Free shipping is the God of online retail, so powerful that France actually banned the practice to protect its retail outlets. Free shipping is also the backbone of Prime. Amazon founder Jeff Bezos knew that the number one pain point for online buyers is shipping -- one third of shoppers abandon their carts when they see shipping charges. Bezos helped invent Prime for this reason, saying the point of Prime was to use free shipping "to draw a moat around our best customers." The goal was to get people used to buying from Amazon, knowing they wouldn't have to worry about shipping charges. Once Amazon had control of a large chunk of online retail customers, it could then begin dictating terms of sellers who needed to reach them.

This became clear as you read Racine's complaint. One of the most important sentences in the AG's argument is a quote from Bezos in 2015 where he alludes to this point. In discussing the firm's logistics service that is the bedrock of its free shipping promise, Fulfillment by Amazon (FBA), he said, "FBA is so important because it is glue that inextricably links Marketplace and Prime. Thanks to FBA, Marketplace and Prime are no longer two things. Their economics ... are now happily and deeply intertwined." Amazon wants people to see Prime, FBA, and Marketplace as one integrated mega-product, what Bezos likes to call "a flywheel," to disguise the actual monopolization at work. (Indeed, any time you hear the word "flywheel" relating to Amazon, replace it with "monopoly" and the sentence will make sense.)

Last Sunday Belarus "forcibly landed a Ryanair plane flying from Athens to Vilnius and arrested the opposition blogger Roman Protasevich and his girlfriend, who were on board," Reuters reports.

By Tuesday the Guardian reports there was a "confession" video which the blogger's father said his son had clearly been physically coerced into recording.

And then... YouTube ran advertisements featuring confession videos published by Belarusian authorities of detained journalist and activist Roman Protasevich and his girlfriend Sofia Sapega, according to a number of people on social media...

The YouTube advertisements appear to have been purchased by a pro-government channel with less than 2,000 subscribers with a name which translates to "Belarus, country for life." The channel has published a number of viral videos about Belarus and its logo features the Belarusian presidential flag... Screenshots posted online suggest the ads displayed Protasevich's confession video to viewers and directed them to a pro-government Telegram channel with almost 80,000 subscribers. At least one person on Twitter also reported seeing another ad from the same channel featuring Sapega's confession tape.

A spokesperson for Google, which owns YouTube, said the company had identified both of the ads and took action against them according to its inappropriate content policy. "YouTube has always had strict policies around the type of content that is allowed to serve as ads on our platform," the spokesperson said in an email. "We quickly remove any ads that violate these policies." YouTube generally allows advertisers to run political ads, but its rules around inappropriate content prohibit those that "single out someone for abuse or harassment; content that suggests a tragic event did not happen, or that victims or their families are actors, or complicit in a cover-up of the event."

The advertisements raise questions about YouTube's ability to effectively moderate how its platform may be used to amplify questionable content in ads...

Tadeusz Giczan, editor-in-chief of NEXTA, the independent media organization Protasevich previously worked for, said on Twitter that Belarus officials have long used YouTube advertisements to spread propaganda. "Fun fact: for almost a year Belarusian state news agency BelTA has been using hostage videos like the one with Roman Protasevich as paid ads on YouTube with links to their network of pro-govt telegram channels," he wrote. "We tried everything but YouTube says there's nothing wrong about it." Last year, several people complained online about YouTube advertisements promoting Belarusian government propaganda seemingly from the same channel.

YouTube did not immediately answer follow-up questions about whether it had previously taken action against the "Belarus, country for life" account.

GameStop has quietly unveiled a new web portal for a non-fungible token (NFT) platform. The Block reports: "We are building a team" the page declares, stating: "We welcome exceptional engineers (solidity, react, python), designers, gamers, marketers, and community leaders. If you want to join our team, send your profile or something you've built to: nfteam@gamestop.com."

The exact scope of the project is unclear, though prominently featured on the page is a link to an Ethereum address, indicating that GameStop's team will use Ethereum as a technology base. The smart contract code declares "Game On Anon" and links to GameStop's NFT page and indicates that potential GameStop-released NFTs will utilize Ethereum's ERC721 standard. The code also points to a dedicated token, GME.

"The official Python software package repository, PyPI, is getting flooded with spam packages..." Bleeping Computer reported Thursday.

"Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once..." PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-... Although some of these packages are a few weeks old, BleepingComputer observed that spammers are continuing to add newer packages to PyPI... The web page for these bogus packages contain spam keywords and links to movie streaming sites, albeit of questionable legitimacy and legality...

February of this year, PyPI had been flooded with bogus "Discord", "Google", and "Roblox" keygens in a massive spam attack, as reported by ZDNet. At the time, Ewa Jodlowska, Executive Director of the Python Software Foundation had told ZDNet that the PyPI admins were working on addressing the spam attack, however, by the nature of pypi.org, anyone could publish to the repository, and such occurrences were common.

Other than containing spam keywords and links to quasi-video streaming sites, these packages contain files with functional code and author information lifted from legitimate PyPI packages... As previously reported by BleepingComputer, malicious actors have combined code from legitimate packages with otherwise bogus or malicious packages to mask their footsteps, and make the detection of these packages a tad more challenging...

In recent months, the attacks on open-source ecosystems like npm, RubyGems, and PyPI have escalated. Threat actors have been caught flooding software repositories with malware, malicious dependency confusion copycats, or simply vigilante packages to spread their message. As such, securing these repositories has turned into a whack-a-mole race between threat actors and repository maintainers.

An anonymous reader quotes a report from BuzzFeed News: In a national effort to get through to horny but vaccine-hesitant Americans, the White House announced Friday that it is joining forces with dating apps to encourage people to get their COVID-19 vaccines so that they can go forth and fuck freely this summer. Vaccinated users on Tinder, Hinge, Bumble, and Badoo will have access to some premium features for free. OkCupid, Chispa, BLK, and Match are giving out a free "Boost" to those who've been vaccinated so that their profiles are more likely to be seen first. Plenty of Fish is also offering free credits to vaccinated members for its livestreaming feature.

The dating apps will add badges or stickers that users can include on their profile to indicate that they've been vaccinated, as well as filters so that you only swipe on fellow vaccinated people. There will also be in-app links to find your closest vaccination site. "People who display their vaccination status are 14% more likely to get a match," White House COVID-19 adviser Andy Slavitt said at a press conference, citing research from OkCupid. "We have finally found the one thing that makes us all more attractive." The new features are expected to launch on the apps in the next few weeks.

Do gamers need a dedicated browser? Opera sure thinks so. Two years after launching Opera GX, a browser aimed at gamers, on desktop, the company has started to beta test Opera GX on iOS and Android. From a report: So what sets it apart from regular browsers? For starters, Opera GX features a control panel that lets you set limits on CPU, RAM and network bandwidth. Mobile users can also utilize the fast action button to quickly access functions like search and to open and close tabs. Exporting elements from the world of gaming, the button also uses vibrations and haptic feedback. You can also sync the mobile browser with the desktop version by scanning a QR code. Doing this will allow you to transfer across files of up to 10MB, links, YouTube videos, photos and various ephemera. The company says it expects Opera GX for iOS and Android to leave beta in a few weeks.

An anonymous reader quotes a report from NPR: At a hearing this March on Capitol Hill, the Republican congresswoman [Cathy McMorris Rodgers] from Washington confronted Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai with a list of statistics: From 2011 to 2018, rates of teen depression increased by more than 60%, and from 2009 to 2015, emergency room admissions for self-harm among 10- to 14-year-old girls tripled. "It's a battle for their development. It's a battle for their mental health -- and ultimately a battle for their safety," McMorris Rodgers told the tech leaders. But when she pointed a question specifically to Zuckerberg, about whether he acknowledged a connection between children's declining mental health and social media platforms, he demurred. "I don't think that the research is conclusive on that," replied Zuckerberg.

It's a position that he and his company, which is working on expanding its offerings to even younger children, have held for years. But mental health researchers whom NPR spoke with disagree. They describe an increasingly clear correlation between poor mental health outcomes and social media use, and they worry that Facebook (which also owns Instagram and WhatsApp) in particular may be muddying the waters on that connection to protect its public image. "The correlational evidence showing that there is a link between social media use and depression is pretty definitive at this point," said Jean Twenge, a psychology professor at San Diego State University. "The largest and most well-conducted studies that we have all show that teens who spend more time on social media are more likely to be depressed or unhappy."

Correlation is not causation, and one area of further study is whether greater social media usage leads to poor mental health outcomes or whether those who are depressed and unhappy are drawn to spend more time on social media. But researchers also worry that not enough government funding is going toward getting objective data to answer these sorts of questions. Facebook also almost certainly knows more than it has publicly revealed about how its products affect people. Zuckerberg told McMorris Rodgers that the company has specifically researched the mental health effects Facebook has on children, but when McMorris Rodgers' staff followed up the company declined to share any of its research.

"I believe that they have done the research. They're not being transparent," McMorris Rodgers told NPR in an interview. "They seem to be more concerned about their current business model, and they have become very wealthy under their current business model. But the fact of the matter is we're seeing more and more evidence ... that their current business model is harming our kids."

ITWire reports on how Norwegian firm Volue Technology handled a ransomware attack that began on May 5th: The company has set up a Web page with information about the attack and also links to frequent updates about the status of its systems. There was no obfuscation about the attack, none at all. The company said: "The ransomware attack on Volue Technology ('Powel') was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems."

What is even more remarkable about this page is that it has provided the telephone number and email address of its chief executive, Trond Straume, and asked for anyone who needs additional information to contact him. Not some underling.
ITWire argues this response "demonstrated to the rest of the world how a ransomware attack should be handled."

sandbagger shares a report from The Register: FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. Konstantin Darutkin, senior software engineer at FingerprintJS, said in a blog post that the company has dubbed the privacy vulnerability "scheme flooding." The name refers to abusing custom URL schemes, which make web links like "skype://" or "slack://" prompt the browser to open the associated application. "The scheme flooding vulnerability allows an attacker to determine which applications you have installed," explains Darutkin. "In order to generate a 32-bit cross-browser device identifier, a website can test a list of 32 popular applications and check if each is installed or not."

Visiting the schemeflood.com site using a desktop (not mobile) browser and clicking on the demo will generate a flood of custom URL scheme requests using a pre-populated list of likely apps. A browser user would typically see a pop-up permission modal window that says something like, "Open Slack.app? A website wants to open this application. [canel] [Open Slack.app]." But in this case, the demo script just cancels if the app is present or reads the error as confirmation of the app's absence. It then displays the icon of the requested app if found, and moves on to its next query. The script uses each app result as a bit to calculate the identifier. The fact that the identifier remains consistent across different browsers means that cross-browser tracking is possible, which violates privacy expectations.

An anonymous reader quotes a report from MIT Technology Review: In 1998 a couple of Stanford graduate students published a paper describing a new kind of search engine: "In this paper, we present Google, a prototype of a large-scale search engine which makes heavy use of the structure present in hypertext. Google is designed to crawl and index the Web efficiently and produce much more satisfying search results than existing systems." The key innovation was an algorithm called PageRank, which ranked search results by calculating how relevant they were to a user's query on the basis of their links to other pages on the web. On the back of PageRank, Google became the gateway to the internet, and Sergey Brin and Larry Page built one of the biggest companies in the world. Now a team of Google researchers has published a proposal for a radical redesign that throws out the ranking approach and replaces it with a single large AI language model, such as BERT or GPT-3 -- or a future version of them. The idea is that instead of searching for information in a vast list of web pages, users would ask questions and have a language model trained on those pages answer them directly. The approach could change not only how search engines work, but what they do -- and how we interact with them.

[Donald Metzler and his colleagues at Google Research] are interested in a search engine that behaves like a human expert. It should produce answers in natural language, synthesized from more than one document, and back up its answers with references to supporting evidence, as Wikipedia articles aim to do. Large language models get us part of the way there. Trained on most of the web and hundreds of books, GPT-3 draws information from multiple sources to answer questions in natural language. The problem is that it does not keep track of those sources and cannot provide evidence for its answers. There's no way to tell if GPT-3 is parroting trustworthy information or disinformation -- or simply spewing nonsense of its own making.

Metzler and his colleagues call language models dilettantes -- "They are perceived to know a lot but their knowledge is skin deep." The solution, they claim, is to build and train future BERTs and GPT-3s to retain records of where their words come from. No such models are yet able to do this, but it is possible in principle, and there is early work in that direction. There have been decades of progress on different areas of search, from answering queries to summarizing documents to structuring information, says Ziqi Zhang at the University of Sheffield, UK, who studies information retrieval on the web. But none of these technologies overhauled search because they each address specific problems and are not generalizable. The exciting premise of this paper is that large language models are able to do all these things at the same time, he says.

An anonymous reader quotes a report from The Verge: Amazon's Alexa has a voice familiar to millions: calm, warm, and measured. But like most synthetic speech, its tones have a human origin. There was someone whose voice had to be recorded, analyzed, and algorithmically reproduced to create Alexa as we know it now. Amazon has never revealed who this "original Alexa" is, but journalist Brad Stone says he tracked her down, and she is Nina Rolle, a voiceover artist based in Boulder, Colorado. The claim comes from Stone's upcoming book on the tech giant, Amazon Unbound, an excerpt of which is published here in Wired. Neither Amazon nor Rolle confirmed or denied Stone's reporting, which he says is based on conversations with the professional voiceover community, but Rolle's voice alone makes for a compelling case.

Here's how Stone writes up the process in selecting Alexa's voice: "Believing that the selection of the right voice for Alexa was critical, [then-Amazon exec Greg] Hart and colleagues spent months reviewing the recordings of various candidates that GM Voices produced for the project, and presented the top picks to Bezos. The Amazon team ranked the best ones, asked for additional samples, and finally made a choice. Bezos signed off on it. Characteristically secretive, Amazon has never revealed the name of the voice artist behind Alexa. I learned her identity after canvasing the professional voice-over community: Boulder, Colorado -- based voice actress and singer Nina Rolle. Her professional website contains links to old radio ads for products such as Mott's Apple Juice and the Volkswagen Passat -- and the warm timbre of Alexa's voice is unmistakable. Rolle said she wasn't allowed to talk to me when I reached her on the phone in February 2021. When I asked Amazon to speak with her, they declined."