An anonymous reader quotes a report from The Guardian: The technology flaws of the U.S. Secret Service helped the gunman who attempted to assassinate Donald Trump during a rally in Butler, Pennsylvania, last month evade detection. An officer broadcast "long gun!" over the local law enforcement radio system, according to congressional testimony from the Secret Service this week, the New York Times reported. The radio message should have travelled to a command center shared between local police and the Secret Service, but the message was never received by the Secret Service. About 30 seconds later, the shooter, Thomas Crooks, fired his first shots.

It was one of several technology issues facing the Secret Service on 13 July due to either malfunction, improper deployment or the Secret Service opting not to utilize them. The Secret Service had also previously rejected requests from the Trump campaign for more resources over the past two years. The use of a surveillance drone was turned down by the Secret Service at the rally site and the agency also did not bring in a system to boost the signals of agents' devices as the area had poor cell service. And a system to detect drone use in the area by others did not work, according to the report in the New York Times, due to the communications network in the area being overwhelmed by the number of people gathered at the rally. The federal agency did not use technology it had to bolster their communications system. The shooter flew his own drone over the site for 11 minutes without being detected, about two hours before Trump appeared at the rally. Ronald Rowe Jr, the acting Secret Service director, said it never utilized the technological tools that could have spotted the shooter beforehand.

A former Secret Service officer also told the New York Times he "resigned in 2017 over frustration with the agency's delays in evaluating new technology and getting clearance and funding to obtain it and then train officers on it," notes The Guardian. Furthermore, the Secret Service failed to record communications between federal and local law enforcement at the rally.

An anonymous reader quotes a report from SFGATE: Over the past few years, scores of California tech workers have ended up in the exact same position: laid-off, looking for work on LinkedIn and sick of it. LinkedIn, part job site and part social network, has become an all but necessary tool for the office-job-seeking masses in the Bay Area and beyond. As tech companies gut their workforces, people who would otherwise give the blue-and-white site a wide berth feel compelled to scroll for hours every day for job opportunities. LinkedIn is a dominant force in the professional world, with more than 1 billion users and 67 million weekly job searchers. That scale, plus the torrent of self-promotion and corporate platitudes fueling the platform, has long made it a symbol of modern capitalism. Now, in the age of tech's layoffs, it's also a symbol of dread.

The platform's specter looms so large because it does exactly what it needs to. Tech workers are stuck on Linkedin: In a competitive job market rife with spam listings, the free platform's networking-focused features set it a peg above competitors like Indeed, Dice and Levels.fyi in the search for full-time work. Since February, SFGATE has spoken with 10 recently laid-off tech workers; most of them see LinkedIn as painful but necessary and have locked up new jobs in part thanks to the platform. Tech worker Kyle Kohlheyer told SFGATE that returning to LinkedIn after losing his job at Cruise in December felt like "salt in the wound" and called the job site a "cesspool" of wannabe thought leaders and "temporarily embarrassed millionaires."

"I found success on their platform, but I f-king hate LinkedIn," Kohlheyer said. "It sucks. It is a terrible place to exist every day and depend on a job for. [...] There's just such a capitalist-centric mindset on there that is so annoying as a worker who has been fundamentally screwed by companies," he said. "Wading" through LinkedIn, he said, it's hard to tell if people feel like an alternative to the top-heavy, precarious tech economy is even possible.

Another tech worker, Mark Harris, added: "Is [LinkedIn] a terrible sign that we live in a capitalist hellscape? Hell yes! But we do live in a capitalist hellscape, and girl's gotta eat."

Thomas Claburn reports via The Register: Meta's machine-learning model for detecting prompt injection attacks -- special prompts to make neural networks behave inappropriately -- is itself vulnerable to, you guessed it, prompt injection attacks. Prompt-Guard-86M, introduced by Meta last week in conjunction with its Llama 3.1 generative model, is intended "to help developers detect and respond to prompt injection and jailbreak inputs," the social network giant said. Large language models (LLMs) are trained with massive amounts of text and other data, and may parrot it on demand, which isn't ideal if the material is dangerous, dubious, or includes personal info. So makers of AI models build filtering mechanisms called "guardrails" to catch queries and responses that may cause harm, such as those revealing sensitive training data on demand, for example. Those using AI models have made it a sport to circumvent guardrails using prompt injection -- inputs designed to make an LLM ignore its internal system prompts that guide its output -- or jailbreaks -- input designed to make a model ignore safeguards. [...]

It turns out Meta's Prompt-Guard-86M classifier model can be asked to "Ignore previous instructions" if you just add spaces between the letters and omit punctuation. Aman Priyanshu, a bug hunter with enterprise AI application security shop Robust Intelligence, recently found the safety bypass when analyzing the embedding weight differences between Meta's Prompt-Guard-86M model and Redmond's base model, microsoft/mdeberta-v3-base. "The bypass involves inserting character-wise spaces between all English alphabet characters in a given prompt," explained Priyanshu in a GitHub Issues post submitted to the Prompt-Guard repo on Thursday. "This simple transformation effectively renders the classifier unable to detect potentially harmful content." "Whatever nasty question you'd like to ask right, all you have to do is remove punctuation and add spaces between every letter," Hyrum Anderson, CTO at Robust Intelligence, told The Register. "It's very simple and it works. And not just a little bit. It went from something like less than 3 percent to nearly a 100 percent attack success rate."

An anonymous reader quotes a report from Bloomberg: A number of fiber optic cables carrying broadband service across France were cut overnight in the latest attack on the country's infrastructure during the Olympic Games. Connections serving Paris, which is hosting the Olympic Games this week, and the games themselves weren't affected, a spokesman for Olympics telecom partner, Orange SA, said. Still, this is the second sabotage of French infrastructure in the past few days as the world converges on the capital. Coordinated fires on French rail lines disrupted trains ahead of the opening ceremony on Friday.

The fiber cables were cut in nine departments overall including: Ardeche, Aude, Bouches-du-Rhone, Drome, Herault, Vaucluse, Marne, Meuse and Oise, the French Telecom Federation said. SFR said its network was vandalized between 1 a.m. and 3 a.m. Paris time, and teams are working on repairs, a spokesman for the French phone company said. The carrier is using alternative routes to serve customers, though redirecting the traffic might lead to slower speeds. Other carriers, including Iliad SA's Free and Netalis, also said they were impacted in social media posts. Netalis Chief Executive Officer Nicolas Guillaume said that the telecom company had successfully moved traffic to backup networks early on Monday. French cloud provider OVHcloud is also working to reroute traffic after the incident, which had caused slower performance on connections between Europe and Asia Pacific, a spokesman said. "We advocate for France reinforcing criminal sanctions for vandalism on telecom infrastructure, which should be put at the same level as vandalism on energy infrastructure," said Romain Bonenfant, head of the French Telecom Federation industry group, in an interview. "Telecom infrastructure, like the railways, covers kilometers across the whole territory -- you can't put surveillance on every part of it."

Long-time Slashdot theodp says this "provocative" blog post by former Google engineer Avery Pennarun — now the CEO/founder of Tailscale — is "a call to take back the Internet from its centralized rent-collecting cloud computing gatekeepers."

Pennarun writes: I read a post recently where someone bragged about using Kubernetes to scale all the way up to 500,000 page views per month. But that's 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep. In modern computing, we tolerate long builds, and then Docker builds, and uploading to container stores, and multi-minute deploy times before the program runs, and even longer times before the log output gets uploaded to somewhere you can see it, all because we've been tricked into this idea that everything has to scale. People get excited about deploying to the latest upstart container hosting service because it only takes tens of seconds to roll out, instead of minutes. But on my slow computer in the 1990s, I could run a perl or python program that started in milliseconds and served way more than 0.2 requests per second, and printed logs to stderr right away so I could edit-run-debug over and over again, multiple times per minute.

How did we get here?

We got here because sometimes, someone really does need to write a program that has to scale to thousands or millions of backends, so it needs all that stuff. And wishful thinking makes people imagine even the lowliest dashboard could be that popular one day. The truth is, most things don't scale, and never need to. We made Tailscale for those things, so you can spend your time scaling the things that really need it. The long tail of jobs that are 90% of what every developer spends their time on. Even developers at companies that make stuff that scales to billions of users, spend most of their time on stuff that doesn't, like dashboards and meme generators.

As an industry, we've spent all our time making the hard things possible, and none of our time making the easy things easy. Programmers are all stuck in the mud. Just listen to any professional developer, and ask what percentage of their time is spent actually solving the problem they set out to work on, and how much is spent on junky overhead.
Tailscale offers a "zero-config" mesh VPN — built on top of WireGuard — for a secure network that's software-defined (and infrastructure-agnostic). "The problem is developers keep scaling things they don't need to scale," Pennarun writes, "and their lives suck as a result...."

"The tech industry has evolved into an absolute mess..." Pennarun adds at one point. "Our tower of complexity is now so tall that we seriously consider slathering LLMs on top to write the incomprehensible code in the incomprehensible frameworks so we don't have to."

Their conclusion? "Modern software development is mostly junky overhead."

A U.S. appeals court has ruled that the Federal Communications Commission's Universal Service Fund, which collects fees on phone bills to support telecom network expansion and affordability programs, is unconstitutional, potentially upending the $8 billion-a-year system.

The 5th Circuit Court's 9-7 decision, which creates a circuit split with previous rulings in the 6th and 11th circuits, found that the combination of Congress's delegation to the FCC and the FCC's subsequent delegation to a private entity violates the Constitution's Legislative Vesting Clause. FCC Chairwoman Jessica Rosenworcel criticized the ruling as "misguided and wrong," vowing to pursue all available avenues for review.

Researchers at Check Point have uncovered a clandestine network of approximately 3,000 "ghost" accounts on GitHub, manipulating the platform to promote malicious content. Since June 2023, a cybercriminal dubbed "Stargazer Goblin" has been exploiting GitHub's community features to boost malicious repositories, making them appear legitimate and popular.

Antonis Terefos, a malware reverse engineer at Check Point, discovered the network's activities, which include "starring," "forking," and "watching" malicious pages to increase their visibility and credibility. The network, named "Stargazers Ghost Network," primarily targets Windows users, offering downloads of seemingly legitimate software tools while spreading various types of ransomware and info-stealer malware.

Google is now the only search engine that can surface results from Reddit, making one of the web's most valuable repositories of user generated content exclusive to the internet's already dominant search engine. 404 Media: If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn't rely on Google's indexing and search Reddit by using "site:reddit.com," you will not see any results from the last week.

DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that "We would like to show you a description here but the site won't allow us." Older results will still show up, but these search engines are no longer able to "crawl" Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google's near monopoly on search is now actively hindering other companies' ability to compete at a time when Google is facing increasing criticism over the quality of its search results. The news follows Google signing a $60 million deal with Reddit early this year to use the social network's content to train its LLMs.

Humble Games, the indie game publisher behind the popular pay-what-you-want "Humble Game Bundle," has laid off its entire staff of 36 people. However, the company says it is not shutting down and Humble Bundle will not be impacted. Instead, the job cuts are part of a restructuring of operations. GameSpot reports: In a statement shared with GameSpot, Humble Games confirmed that Humble Bundle will have "no impact on its operations. Additionally, ongoing and upcoming games from Humble Games will still move ahead and be published by the company. Humble Games is the publisher of many notable indie games, including Stray Gods, Bo: Path of the Teal Lotus, Chinatown Detective Agency, Ikenfell, Unpacking, Slay the Spire, and Midnight Fight Express, just to name a few.

Humble Games is the separate publishing arm of digital storefront Humble Bundle. Both companies are owned by IGN Entertainment, but operate as a separate entities. Earlier this year, IGN Entertainment also bought video game websites Eurogamer, Rock Paper Shotgun, VG247, GamesIndustry.biz, and Dicebreaker from Gamer Network.

An anonymous reader quotes a report from the Center for European Policy Analysis (CEPA): Alexey Soldatov, a Russian Internet pioneer and a founder of the first Internet provider in the country, has been sentenced by a court to two years in a labor colony on charges of "abuse of power." Soldatov, 72, had been detained by a court in Moscow. He is terminally ill. Very few in Russia believe in the government charges against a man widely known as a Father of the Russian Internet -- and who is less well known as the father of Andrei Soldatov, one of this article's authors. Soldatov was accused of abuse of power when managing a pool of IP-addresses by an organization he had no position at. This legal absurdity was enough to see him imprisoned even though the court knew of Soldatov's illness, which meant the court had no legal right to pass a custodial sentence. His family believes that the decision is essentially a death sentence. The article details Soldatov's history and his pivotal role in creating the Relcom network, which connected Soviet research centers and established the Soviet Union's first link to the global internet in 1990. During the 1991 KGB coup attempt, Relcom remained operational, highlighting its role in bypassing traditional media control and connecting people both within the Soviet Union and globally.

According to the Washington Post (paywalled), the House Homeland Security Committee has called on the CrowdStrike CEO to testify over the major outage that brought flights, hospital procedures, and broadcasters to a halt on Friday. The outage was caused by a defective software update from the company that primarily affected computers runnings Windows, resulting in system crashes and "blue screen of death" errors. From the report: Republican leaders of the House Homeland Security Committee demanded that CrowdStrike CEO George Kurtz commit by Wednesday to appearing on Capitol Hill to explain how the outages occurred and what "mitigation steps" the company is taking to prevent future episodes. [...] Reps. Mark Green (R-Tenn.) and Andrew R. Garbarino (R-N.Y.), chairs of the Homeland Security Committee and its cybersecurity subcommittee, respectively, wrote in their letter that the outages "must serve as a broader warning about the national security risks associated with network dependency. Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again," the lawmakers wrote. CrowdStrike spokesperson Kirsten Speas said in an emailed statement Monday that the company is "actively in contact" with the relevant congressional committees and that "engagement timelines may be disclosed at Members' discretion," but declined to say whether Kurtz will testify.

The committee is one of several looking into the incident, with members of the House Oversight Committee and House Energy and Commerce Committee separately requesting briefings from CrowdStrike. But the effort by Homeland Security Committee leaders marks the first time the company is being publicly summoned to testify about its role in the disruptions. CrowdStrike has risen to prominence as a major security provider partly by identifying malicious online campaigns by foreign actors, but the outages have heightened concern in Washington that international adversaries could look to exploit future incidents. "Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely," Green and Garbarino wrote. The outages, which disrupted agencies at the federal and state level, are also raising questions about how much businesses and government officials alike have come to rely on Microsoft products for their daily operations.

AT&T's February wireless outage disrupted over 92 million voice calls and hindered more than 25,000 attempts to reach emergency services, an FCC report said. The 12-hour nationwide incident affected approximately 125 million devices, including those of other providers using AT&T's network. Stemming from an equipment configuration error during a network change, the outage also impacted first responders' communications.

An anonymous reader quotes a report from Ars Technica: The European Commission (EC) has finally taken action to block Meta's heavily criticized plan to charge a subscription fee to users who value privacy on its platforms. Surprisingly, this step wasn't taken under laws like the Digital Services Act (DSA), the Digital Markets Act (DMA), or the General Data Protection Regulation (GDPR). Instead, the EC announced Monday that Meta risked sanctions under EU consumer laws if it could not resolve key concerns about Meta's so-called "pay or consent" model. Meta's model is seemingly problematic, the commission said, because Meta "requested consumers overnight to either subscribe to use Facebook and Instagram against a fee or to consent to Meta's use of their personal data to be shown personalized ads, allowing Meta to make revenue out of it." Because users were given such short notice, they may have been "exposed to undue pressure to choose rapidly between the two models, fearing that they would instantly lose access to their accounts and their network of contacts," the EC said. To protect consumers, the EC joined national consumer protection authorities, sending a letter to Meta requiring the tech giant to propose solutions to resolve the commission's biggest concerns by September 1.

That Meta's "pay or consent" model may be "misleading" is a top concern because it uses the term "free" for ad-based plans, even though Meta "can make revenue from using their personal data to show them personalized ads." It seems that while Meta does not consider giving away personal information to be a cost to users, the EC's commissioner for justice, Didier Reynders, apparently does. "Consumers must not be lured into believing that they would either pay and not be shown any ads anymore, or receive a service for free, when, instead, they would agree that the company used their personal data to make revenue with ads," Reynders said. "EU consumer protection law is clear in this respect. Traders must inform consumers upfront and in a fully transparent manner on how they use their personal data. This is a fundamental right that we will protect." Additionally, the EC is concerned that Meta users might be confused about how "to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalized ads." They may also find Meta's "imprecise terms and language" confusing, such as Meta referring to "your info" instead of clearly referring to consumers' "personal data." A Meta spokesperson said in a statement: "Subscriptions as an alternative to advertising are a well-established business model across many industries. Subscription for no ads follows the direction of the highest court in Europe and we are confident it complies with European regulation."

A ransomware attack has taken down the computer system of America's largest trial court, reports the Associated Press: The cybersecurity attack began early Friday and is not believed to be related to the faulty CrowdStrike software update that has disrupted airlines, hospitals and governments around the world, officials said in a statement Friday. The court disabled its computer network systems upon discovery of the attack, and it will remain down through at least the weekend.
Friday's statement called it "a serious security event," adding that the court is receiving help from local, state, and federal law enforcement agencies. "At this time, the preliminary investigation shows no evidence of court users' data being compromised." Over the past few years, the Court has invested heavily in its cybersecurity operations, modernizing its cybersecurity infrastructure and making strategic staff investments in the Cybersecurity Division within Court Technology Services. As a result of this investment, the Court was able to quickly detect an intrusion and address it immediately.

Due to the ongoing nature of the investigation, remediation, and recovery, the Court will not comment further until additional information is available for public release.
Sunday the Court posted on X.com that they're "working diligently to get the Court's network systems back up and running...

"When we have a better understanding of the extent to which the Court will be operational tomorrow, July 22, we will provide information and direction to court users and jurors, likely later this evening."

The BBC reports that "while most of the world was grappling with the blue screen of death on Friday," there was one country that managed to escape largely unscathed: China. The reason is actually quite simple: CrowdStrike is hardly used there. Very few organisations will buy software from an American firm that, in the past, has been vocal about the cyber-security threat posed by Beijing. Additionally, China is not as reliant on Microsoft as the rest of the world. Domestic companies such as Alibaba, Tencent and Huawei are the dominant cloud providers.

So reports of outages in China, when they did come, were mainly at foreign firms or organisations. On Chinese social media sites, for example, some users complained they were not able to check into international chain hotels such as Sheraton, Marriott and Hyatt in Chinese cities. Over recent years, government organisations, businesses and infrastructure operators have increasingly been replacing foreign IT systems with domestic ones. Some analysts like to call this parallel network the "splinternet".

"It's a testament to China's strategic handling of foreign tech operations," says Josh Kennedy White, a cybersecurity expert based in Singapore. "Microsoft operates in China through a local partner, 21Vianet, which manages its services independently of its global infrastructure. This setup insulates China's essential services — like banking and aviation — from global disruptions."
"Beijing sees avoiding reliance on foreign systems as a way of shoring up national security."

Thanks to long-time Slashdot reader hackingbear for sharing the article.

SolarWinds still faces some legal action over its infamous 2020 breach, reports NextGov.com. But a U.S. federal judge has dismissed most of the claims from America's Securities and Exchange Commission, which "alleged the company defrauded investors because it deliberately hid knowledge of cyber vulnerabilities in its systems ahead of a major security breach discovered in 2020."

Slashdot reader krakman shares this report from the Washington Post: "The SEC's rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications," [judge] Engelmayer wrote in a 107-page decision. "It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers," he wrote. The federal judge also dismissed SEC claims that SolarWinds' disclosures after it learned its customers had been affected improperly covered up the gravity of the breach...

In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge "largely granted our motion to dismiss the SEC's claims," adding in a statement that it was "grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns."
The article notes that as far back as 2018, "an engineer warned in an internal presentation that a hacker could use the company's virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique." Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public "security statement" before the hack that it knew it was highly vulnerable to attacks.

The SEC "plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls," Engelmayer wrote. "Given the centrality of cybersecurity to SolarWinds' business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material."

An anonymous reader quotes a report from CNBC: The U.S. will fall behind in the artificial intelligence race if it does not embrace natural gas to help meet surging electricity demand from data centers, the CEO of one of the nation's largest pipeline operators told CNBC. "The only way we're going to be able to keep up with the kind of power demand and the electrification that's already afoot is natural gas," Williams Companies CEO Alan Armstrong said in an interview Thursday. "If we deny ourselves that we're going to fall behind in the AI race." Williams Companies handles about one-third of the natural gas in the U.S. through a pipeline network that spans more than 30,000 miles. Williams' network includes the 10,000 mile Transcontinental Pipeline, or Transco, a crucial artery that serves virtually the entire eastern seaboard including Virginia, the world's largest data center hub, and fast growing Southeast markets such as Georgia.

The tech sector's expansion of data centers to support AI and the adoption of electric vehicles is projected to add 290 terawatt hours of electricity demand by the end of the decade in the U.S., according to a recent report by the energy consulting firm Rystad. This load growth is equivalent to the entire electricity demand of Turkey, the world's 18th largest economy. Executives at some the nation's largest utilities have warned that failure to meet this surging electricity demand will jeopardize not just the artificial intelligence revolution, but economic growth across the board in the U.S. The role natural gas in helping to meet that demand is controversial as the country is simultaneously trying to transition to a clean energy economy through the rapid expansion of renewables. "We are going to run right up against a brick wall here and pretty quickly in terms of not having enough power available to do what we want to do on the AI side," Armstrong said. "I actually see this as a huge national security issue," the CEO said. "We're going to have to get out of our own way or we're going to accidentally keep ourselves from being the power we can be in the AI space."

"Those groups that have very much had their brand be all green have come to us and said, 'We got to work with you guys. We've run out of alternatives -- we can't meet the needs of our customers without using natural gas,'" Armstrong said. "We're completely out of capacity ourselves," Armstrong added. "So we just have to kind of beg, borrow and steal from other people's capacity to do our best to make gas available."

Bangladesh is experiencing a "near-total" nationwide internet shutdown amid government efforts to control widespread student protests against the country's quota system for government jobs. The country's quota system requires a third of government jobs be reserved for relatives of veterans who had fought for independence from Pakistan.

According to Reuters, the protests "have opened old and sensitive political fault lines between those who fought for Bangladesh's independence from Pakistan in 1971 and those accused of collaborating with Islamabad." Analysts say the protests have also been "fueled by high unemployment among young people" and "wider economic woes, such as high inflation and shrinking reserves of foreign exchange." Engadget reports on the internet disruptions: To control the situation, Bangladeshi authorities shut down internet and phone access throughout the country, a common practice in South Asia to prevent the spread of rumors and misinformation and exercise state control. NetBlocks, a global internet monitor that works on digital rights analyzed live network data that showed that Bangladesh was in the middle of a "near-total national internet shutdown." [...]

Bangladesh has frequently blacked out the internet to crack down on political opposition and activists. At the end of 2023, research tool CIVICUS Monitor, which provides data on the state of civil society and freedoms in nearly 200 countries, downgraded Bangladesh's civic space to "closed," its lowest possible rating, after the country imposed six internet shutdowns the previous year. That made Bangladesh the fifth-largest perpetrator of internet shutdowns in 2022, Access Now said.

The country's telecom regulator had pledged to keep internet access on through Bangladesh's general elections at the beginning of 2024, but that electoral period is now over. Despite the pledge, Bangladesh blocked access to news websites during its elections.

An anonymous reader quotes a report from Ars Technica: Citing frustration with mobile carriers enforcing different phone-unlocking policies that are bad for consumers, the Federal Communications Commission is proposing a 60-day unlocking requirement that would apply to all wireless providers. The industry's "confusing and disparate cell phone unlocking policies" mean that "some consumers can unlock their phones with relative ease, while others face significant barriers," Commissioner Geoffrey Starks said at yesterday's FCC meeting. "It also means certain carriers are subject to mandatory unlocking requirements while others are free to dictate their own. This asymmetry is bad for both consumers and competition."

The FCC is "proposing a uniform 60-day unlocking policy" so that "consumers can choose the carrier that offers them the best value," Starks said. Unlocking a phone allows it to be used on a different carrier's network as long as the phone is compatible. The FCC approved the Notice of Proposed Rulemaking (NPRM) in a 5-0 vote. That begins a public comment period that could lead to a final rulemaking. A draft of the NPRM said the FCC "propose[s] to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

"You bought your phone, you should be able to take it to any provider you want," Rosenworcel said. "Some providers already operate this way. Others do not. In fact, some have recently increased the time their customers must wait until they can unlock their device by as much as 100 percent." Rosenworcel apparently was referring to a prepaid brand offered by T-Mobile. The NPRM draft said that "T-Mobile recently increased its locking period for one of its brands, Metro by T-Mobile, from 180 days to 365 days." The 365-day rule brought Metro into line with other T-Mobile prepaid phones that already came with the year-long lock. We reached out to T-Mobile and will update this article if it provides a comment. A merger condition imposed on T-Mobile's purchase of Sprint merely requires that it unlock prepaid phones within one year. T-Mobile imposes different unlocking policies on prepaid and postpaid phones. For postpaid devices, T-Mobile says it will unlock phones that have been active for at least 40 days, but only if any associated financing or leasing agreement has been paid in full.

An anonymous reader quotes a report from the New York Times: The image, as it happens, comes from dozens of brain scans produced by researchers at Washington University School of Medicine in St. Louis who gave psilocybin, the compound in "magic mushrooms," to participants in a study before sending them into a functional M.R.I. scanner. The kaleidoscopic whirl of colors they recorded is essentially a heat map of brain changes, with the red, orange and yellow hues reflecting a significant departure from normal activity patterns. The blues and greens reflect normal brain activity that occurs in the so-called functional networks, the neural communication pathways that connect different regions of the brain.

The scans, published Wednesday in the journal Nature, offer a rare glimpse into the wild neural storm associated with mind-altering drugs. Researchers say they could provide a potential road map for understanding how psychedelic compounds like psilocybin, LSD and MDMA can lead to lasting relief from depression, anxiety and other mental health disorders. "Psilocybin, in contrast to any other drug we've tested, has this massive effect on the whole brain that was pretty unexpected," said Dr. Nico Dosenbach, a professor of neurology at Washington University and a senior author of the study. "It was quite shocking when we saw the effect size." Brian Mathur, a systems neuroscientist at the University of Maryland School of Medicine in Baltimore, says these findings cannot show exactly what causes the therapeutic benefit of psilocybin, but "it's possible psilocybin is directly causing" the brain-network changes. That, or it is creating a psychedelic experience that in turn causes parts of the brain to behave differently.

The next step is to determine whether psilocybin's blood-flow changes in the brain or its direct effects on neurons, or both, are responsible for the brain-network disruptions. "The best part of this work is that it's going to provide a means forward for the field to develop further hypotheses that can and should be tested," Mathur says.