The Internet

Double-keyed Browser Caching Is Hitting Web Performance 88

A Google engineer has warned that a major shift in web browser caching is upending long-standing performance optimization practices. Browsers have overhauled their caching systems in a way that forces websites to maintain separate copies of shared resources instead of reusing them across domains.

The new "double-keyed caching" system, implemented to enhance privacy, is ending the era of shared public content delivery networks, writes Google engineer Addy Osmani. According to Chrome's data, the change has led to a 3.6% increase in cache misses and a 4% rise in network bandwidth usage.

Social Networks

Mastodon Announces Transition To Nonprofit Structure (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch, written by Ivan Mehta: Decentralized social network organization Mastodon said Monday that it is planning to create a new nonprofit organization in Europe and hand over ownership of entities responsible for key Mastodon ecosystem and platform components. This means one person won't have control over the entire project. The organization is trying to differentiate itself from social networks controlled by CEOs like Elon Musk and Mark Zuckerberg. While exact details are yet to be finalized, this means that Mastodon's current CEO and creator, Eugen Rochko, will hand over management bits of the organization to the new entity and focus on the product strategy.

The organization said that it will continue to host the mastodon.social and mastodon.online servers, which users can sign up for and join the ActivityPub-based network. Mastodon currently has 835,000 monthly active users spread across thousands of servers. [...] Last year, the company formed a U.S.-based nonprofit to get more funds and grants with Twitter co-founder Biz Stone on the board. At the same time, the organization lost its nonprofit status in Germany. [...] The blog post noted that the new Europe-based nonprofit entity will wholly own the Mastodon GmbH for-profit entity. The organization is in the process of finalizing the place where the new entity will be set up.
"We are taking the time to select the appropriate jurisdiction and structure in Europe. Then we will determine which other (subsidiary) legal structures are needed to support operations and sustainability," Mastodon said in a blog post. "Throughout, we will focus on establishing the appropriate governance and leadership frameworks that reflect the nature and purpose of Mastodon as a whole, and responsibly serve the community."

The Internet

Starlink's Satellite Internet is Cheaper than Leading ISPs in Five African Countries (restofworld.org) 118

"In at least five of the 16 African countries where the service is available, a monthly Starlink subscription is cheaper than the leading fixed internet service provider," reports Rest of World.

"Starlink, launched in 2019 by Elon Musk's SpaceX, has become the leading satellite internet provider in the world." Now available in more than 100 countries, Starlink can also be a relatively affordable option for users trying to log on in countries with limited internet service providers... A Rest of World analysis indicates that in at least five of the 16 African countries where the service is available, a monthly Starlink subscription is cheaper than the leading fixed internet service provider... [Kenya, Ghana, Zimbabwe, Mozambique, and Cape Verde — though not including the upfront costs of Starlink hardware.]

Historically, internet connections around the globe have typically been enabled by ground-based internet service providers using fiber-optic cables and mobile base stations. But in many parts of the world, that infrastructure is sparse or nonexistent. "This is where satellite providers come in," said Nitinder Mohan, a computer science professor at the Delft University of Technology in the Netherlands who has studied Starlink's performance around the world. "I can be in the middle of a forest and, if I have a direct view of the sky, I can get my internet connectivity," he told Rest of World. "Regions which are previously underconnected — where there was no way of getting internet connectivity to them — now with these satellites, you can actually enable that...." According to the latest figures by the International Telecommunication Union, a U.N. agency focused on information and communication technologies, 38% of the population in Africa uses the internet, compared to 91% of Europe...

Since launching in Kenya in July 2023, Starlink has disrupted the existing internet service provider industry. Starlink offers high connectivity speeds and wide availability in remote areas, along with dramatically lower prices. The company also introduced a rental option... Starlink has become so popular in Kenya that the company paused new subscriptions in major cities in early November due to network overload. The company plans to deploy more infrastructure in Nairobi and Johannesburg in order to bring more people online, said Mohan, the computer science professor at Delft University.

Starlink is less than half the cost of the leading ISP in Kenya, Ghana, and especially in Zimbabwe (where the difference is dramatic):

Starlink: $30
Leading ISP in Zimbabwe: $633.62

Now in Kenya, legacy telecom providers like Safaricom "have responded by lowering prices and increasing internet speeds," according to the article. The head of the research wing of the Global Systems for Mobile Communications Association even told Rest of World that ISPs are also developing their own satellite networks (like Vodacom's partnership with satellite mobile network AST SpaceMobile) — though ironically, AST SpaceMobile launched its first satellites with the help of SpaceX.

Youtube

CES 'Worst In Show' Devices Mocked In IFixit Video - While YouTube Inserts Ads For Them (worstinshowces.com) 55

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices. Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

AI

Foreign Cybercriminals Bypassed Microsoft's AI Guardrails, Lawsuit Alleges (arstechnica.com) 3

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content."

Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content."

The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored...

The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.

Wikipedia

Wikipedia Searches Reveal Differing Styles of Curiosity (scientificamerican.com) 24

Wikipedia's massive dataset helped researchers identify three styles of curiosity -- "busybody," "hunter," and "dancer" -- based on how users navigate its pages (see: wiki rabbit hole). These curiosity styles reflect broader social trends and highlight curiosity's role in connecting information rather than merely acquiring it. Scientific American reports: In this lexicon, a busybody traces a zigzagging route through many often distantly related topics. A hunter, in contrast, searches with sustained focus, moving among a relatively small number of closely related articles. A dancer links together highly disparate topics to try to synthesize new ideas. "Curiosity actually works by connecting pieces of information, not just acquiring them," says University of Pennsylvania network scientist Dani Bassett, cosenior author on a recent study of these curiosity types in Science Advances. "It's not as if we go through the world and pick up a piece of information and put it in our pockets like a stone. Instead we gather information and connect it to stuff that we already know."

The team tracked more than 482,000 people using Wikipedia's mobile app in 50 countries or territories and 14 languages. The researchers charted these users' paths using "knowledge networks" of connected information, which depict how closely one search topic (a node in the network) is related to another. Beyond just mapping the connections, they linked curiosity styles to location-based indicators of well-being, inequality, and other measures. In countries with higher education levels and greater gender equality, people browsed more like busybodies. In countries with lower scores on these variables, people browsed like hunters. Bassett hypothesizes that "in countries that have more structures of oppression or patriarchal forces, there may be a constraining of knowledge production that pushes people more toward this hyperfocus." The researchers also analyzed topics of interest, ranging from physics to visual arts, for busybodies compared with hunters (graphic). Dancer patterns, more recently confirmed, were excluded.
Editor note: This article was published on December 24, 2024, based on a study published in October, 2024.

The Almighty Buck

India's Payments Push is Cutting Out Visa and Mastercard (techcrunch.com) 42

India's homegrown digital payments ecosystem, anchored by two systems, is challenging Visa and Mastercard's dominance in the world's most populous nation. The backbone is UPI, a nine-year-old bank-to-bank payment network that processes over 13 billion monthly transactions through QR codes and phone numbers, accounting for 71% of all transactions and 36% of consumer spending, according to Bernstein.

RuPay, India's domestic card network, has leveraged its exclusive right to process credit card transactions through UPI to double its volume to $7.43 billion in fiscal 2025's first seven months. It now represents 28% of credit card transactions, up from 10% last year. Small merchants are adopting the system as RuPay only charges fees on transactions above $23.3. India's central bank has also mandated banks let customers choose their card network, ending exclusive deals with global providers.

Privacy

See the Thousands of Apps Hijacked To Spy On Your Location (404media.co) 49

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.
404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.

AT&T

AT&T Promises Bill Credits For Future Outages (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: AT&T, following last year's embarrassing botched update that kicked every device off its wireless network and blocked over 92 million phone calls, is now promising full-day bill credits to mobile customers for future outages that last at least 60 minutes and meet certain other criteria. A similar promise is being made to fiber customers for unplanned outages lasting at least 20 minutes, but only if the customer uses an AT&T-provided gateway. The "AT&T Guarantee" announced today has caveats that can make it possible for a disruption to not be covered. AT&T says the promised mobile bill credits are "for wireless downtime lasting 60 minutes or more caused by a single incident impacting 10 or more towers."

The full-day bill credits do not include a prorated amount for the taxes and fees imposed on a monthly bill. The "bill credit will be calculated using the daily rate customer is charged for wireless service only (excludes taxes, fees, device payments, and any add-on services," AT&T said. If an outage lasts more than 24 hours, a customer will receive another full-day bill credit for each additional day. If only nine or fewer AT&T towers aren't functioning, a customer won't get a credit even if they lose service for an hour. The guarantee kicks in when a "minimum 10 towers [are] out for 60 or more minutes resulting from a single incident," and the customer "was connected to an impacted tower at the time the outage occurs," and "loses service for at least 60 consecutive minutes as a result of the outage."

The guarantee "excludes events beyond the control of AT&T, including but not limited to, natural disasters, weather-related events, or outages caused by third parties." AT&T says it will determine "in its sole discretion" whether the disruption is "a qualifying" network outage. "Consumers will automatically receive a bill credit equaling a full day of service and we'll reach out to our small business customers with options to help make it right," AT&T said. When there's an outage, AT&T said it will "notify you via e-mail or SMS to inform you that you've been impacted. Once the interruption has been resolved, we'll contact you with details about your bill credit." If AT&T fails to provide the promised credit for any reason, customers will have to call AT&T or visit an AT&T store.

To qualify for the similar fiber-outage promise, "customers must use AT&T-provided gateways," the firm said. There are other caveats that can prevent a home Internet customer from getting a bill credit. AT&T said the fiber-outage promise "excludes events beyond the control of AT&T, including but not limited to, natural disasters, weather-related events, loss of service due to downed or cut cable wires at a customer residence, issues with wiring inside customer residence, and power outages at customer premises. Also excludes outages resulting from planned maintenance." AT&T notes that some residential fiber customers in multi-dwelling units "have an account with AT&T but are not billed by AT&T for Internet service." In the case of outages, these customers would not get bill credits but would be given the option to redeem a reward card that's valued at $5 or more.

China

Akamai To Quit Its CDN in China (theregister.com) 23

An anonymous reader shares a report: Akamai has decided to end its content delivery network services in China, but not because it's finding it hard to do business in the Middle Kingdom. News of Akamai's decision to end CDN services in China emerged in a letter it recently published and sent to customers and partners that opens by reminding them the company has a "commitment to providing world-class delivery and security solutions" -- and must therefore inform them that "Effective June 30, 2026, all China CDN services will reach their decommission date."

Customers are offered a choice: do nothing and then be moved to an Akamai CDN located outside China, or use similar services from Chinese companies Tencent Cloud and Wangsu Science & Technology.

China

Ahead of SCOTUS Hearing, Study Finds TikTok Is Likely Vehicle For Chinese Propaganda (gizmodo.com) 95

A forthcoming peer-reviewed study (PDF) from Rutgers University's Network Contagion Research Institute argues that TikTok surfaces fewer anti-CCP posts compared to Instagram and YouTube, despite higher user engagement with such content. It also found that heavy TikTok usage correlates with more favorable views of China's human rights record. The findings come ahead of a Supreme Court hearing later this week on whether the federal government can ban TikTok. Gizmodo reports: The new peer-reviewed paper, which was first reported by The Free Press, begins by examining whether content on TikTok, Instagram, and YouTube related to the keywords "Tiananmen," "Tibet," "Uyghur," and "Xinjiang" tends to display pro- or anti-CCP sentiment. The researchers found that TikTok's algorithm didn't necessarily surface more pro-CCP content in response to searches for those terms, but it delivered fewer anti-CCP posts than did Instagram or YouTube and significantly more posts that were irrelevant to the subject.

In the second stage of their study, the NCRI team tested whether the lower performance of anti-CCP content was a result of less user engagement (likes and comments) with those posts. They found that TikTok users "liked or commented on anti-CCP content nearly four times as much as they liked or commented on pro-CCP content, yet the search algorithm produced nearly three times as much pro-CCP content" while there was no similar discrepancy on Instagram or YouTube.

Finally, the researchers surveyed 1,214 Americans about their social media usage and their views on China's human rights record. The more time users spent on any social media platform, the more likely they were to have favorable views of China's human rights record, the survey showed. Users were particularly more likely to have favorable views if they spent more than three hours a day using TikTok. The researchers wrote that they could not definitively conclude that spending more time on TikTok resulted in more positive views of China, but "taken together, the findings from these three studies raise the distinct possibility that TikTok is a vehicle for CCP propaganda."

The Internet

America Still Has Net Neutrality Laws - In States Like California and New York (yahoo.com) 47

A U.S. Appeals Court ruled this week that net neutrality couldn't be reinstated by America's Federal Communications Commission. But "Despite the dismantling of the FCC's efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact," notes the Los Angeles Times: This week's decision by the 6th U.S. Circuit Court of Appeals, striking down the FCC's open internet rules, has little bearing on state laws enacted during the years-long tug-of-war over the government's power to regulate internet service providers, telecommunications experts said. In fact, some suggested that the Cincinnati-based 6th Circuit's decision — along with other rulings and the U.S. Supreme Court's posture on a separate New York case — has effectively fortified state regulators' efforts to fill the gap. "Absent an act of Congress, the FCC has virtually no role in broadband any more," Ernesto Falcon, a program manager for the California Public Utilities Commission, said in an interview. "The result of this decision is that states like California, New York and others will have to govern and regulate broadband carriers on our own."

California has one of the nation's strongest laws on net neutrality, the principle that internet traffic must be treated equally to ensure a free and open network. Former Gov. Jerry Brown signed the measure into law in 2018, months after federal regulators in President-elect Donald Trump's first administration repealed the net neutrality rules put in place under President Obama. Colorado, Oregon and other states also adopted their own standards.

The Golden State's law has already survived legal challenges. It also prompted changes in the way internet service providers offered plans and services. "California's net neutrality law, which is seen as the gold standard by consumer advocates, carries national impact," Falcon said.... "The state's authority and role in broadband access has grown dramatically now," Falcon said.

California's net neutrality rules prohibit "throttling" data speeds, according to the article.

China

Are US Computer Networks A 'Key Battlefield' in any Future Conflict with China? (msn.com) 72

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.

The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...

Government

US Sanctions Chinese Firm Linked to Seized Botnet (msn.com) 6

Remember that massive botnet run by Chinese government hackers? Flax Typhoon "compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan," according to the U.S. Treasury Department. (The group's botnet breaching this autumn affected "at least 260,000 internet-connected devices," reports the Washington Post, "roughly half of which were located in the United States.")

On Friday, America's Treasury Department sanctioned "a Beijing-based cybersecurity company for its role in multiple computer intrusion incidents against U.S. victims..." according to an announcement from the department's Office of Foreign Assets Control. "Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure."

From the Washington Post: The group behind the attacks was active since at least 2021, but U.S. authorities only managed to wrest control of the devices from the hackers in September, after the FBI won a court order that allowed the agency to send commands to the infected devices...

Treasury's designation follows sanctions announced last month on Sichuan Silence Information Technology Company, in which U.S. officials accused the company of exploiting technology flaws to install malware in more than 80,000 firewalls, including those protecting U.S. critical infrastructure. The new sanctions on Beijing Integrity Technology are notable due to the company's public profile and outsize role in servicing China's police and intelligence services via state-run hacking competitions. The company, which is listed in Shanghai and has a market capitalization of more than $327 million, plays a central role in providing state agencies "cyber ranges" — technology that allows them to simulate cyberattacks and defenses...

In September, FBI Director Christopher A. Wray said the Flax Typhoon attack successfully infiltrated universities, media organizations, corporations and government agencies, and in some cases caused significant financial losses as groups raced to replace the infected hardware. He said at the time that the operation to shut down the network was "one round in a much longer fight...." A 2024 assessment by the Office of the Director of National Intelligence said China is the most "active and persistent" cyberthreat and that actors under Beijing's direction have made efforts to breach U.S. critical infrastructure with the intention of lying in wait to be able to launch attacks in the event of major conflict.

"The Treasury sanctions bar Beijing Integrity Technology from access to U.S. financial systems and freeze any assets the company might hold in the United States," according to the article, "but the moves are unlikely to have a significant effect on the company," (according to Dakota Cary, a fellow at the Atlantic Council who has studied the company's role in state-sponsored hacking).

AI

Putin Orders Russian Government and Top Bank To Develop AI Cooperation With China (reuters.com) 13

President Vladimir Putin has directed Russia's government and the country's biggest bank, Sberbank, to strengthen AI cooperation with China, aiming to overcome Western sanctions and challenge U.S. dominance in AI innovation. Reuters reports: Putin's instructions were published on the Kremlin's website on Wednesday, three weeks after he announced that Russia would team up with BRICS partners and other countries to develop AI. He told the government and Sberbank, which is spearheading Russia's AI efforts, to "ensure further co-operation with the People's Republic of China in technological research and development in the field of artificial intelligence."

Western sanctions intended to restrict Moscow's access to the technologies it needs to sustain its war against Ukraine have resulted in the world's major producers of microchips halting exports to Russia, severely limiting its AI ambitions. Sberbank CEO German Gref acknowledged in 2023 that graphics processing units (GPUs), the microchips that underpin AI development, were the trickiest hardware for Russia to replace.

By partnering with non-Western countries, Russia is seeking to challenge the dominance of the United States in one of the most promising and crucial technologies of the 21st century. Putin said on Dec. 11 that a new AI Alliance Network would bring together specialists from BRICS countries and other interested states.

United States

US Appeals Court Blocks Biden Administration Effort To Restore Net Neutrality Rules (reuters.com) 115

A U.S. appeals court ruled on Thursday the Federal Communications Commission did not have legal authority to reinstate landmark net neutrality rules. From a report: The decision is a blow to the outgoing Biden administration that had made restoring the open internet rules a priority. President Joe Biden signed a 2021 executive order encouraging the FCC to reinstate the rules.

A three-judge panel of the Cincinnati-based 6th U.S. Circuit Court of Appeals said the FCC lacked authority to reinstate the rules initially implemented in 2015 by the agency under Democratic former President Barack Obama, but then repealed by the commission in 2017 under Republican former President Donald Trump.

The rules also forbid special arrangements in which ISPs give improved network speeds or access to favored users. The court cited the Supreme Court's June decision in a case known as Loper Bright to overturn a 1984 precedent that had given deference to government agencies in interpreting laws they administer, in the latest decision to curb the authority of federal agencies. "Applying Loper Bright means we can end the FCC's vacillations," the court ruled.

Operating Systems

SvarDOS: DR-DOS is Reborn as an Open Source OS (theregister.com) 68

SvarDOS, a compact open-source operating system derived from DR-DOS, has switched to using the EDRDOS kernel, marking a shift from its FreeDOS distribution roots. The change allows the operating system to fit on a single 1.4MB floppy disk while offering a network-capable package manager that can fetch from a repository of over 400 packages.

Unlike its rival FreeDOS, SvarDOS can run Microsoft Windows 3.1 natively, though the capability currently requires additional configuration. The system maintains compatibility with legacy DOS applications while providing modern features like FAT32 support and network connectivity.

Businesses

India Again Delays Rules To Break Payments Duopoly (techcrunch.com) 11

India has once again pushed back a contentious plan to limit major technology companies' control of the nation's digital payments system, extending a regulatory uncertainty that has weighed on the sector for years. From a report: The National Payments Corporation of India said on Tuesday it would extend the deadline for implementing a 30% cap on any individual app's share of transactions on the Unified Payments Interface, or UPI, the country's ubiquitous digital payments network, to December 31, 2026.

The decision provides temporary relief to Walmart-backed PhonePe and Google Pay, which together handle more than 85% of transactions on UPI. The network, which processes over 13 billion transactions monthly, has become the backbone of India's digital economy since its launch eight years ago.

Businesses

Over 3.1 Million Fake 'Stars' on GitHub Projects Used To Boost Rankings (bleepingcomputer.com) 23

Researchers have uncovered widespread manipulation of GitHub's star-rating system, with over 3.1 million fraudulent stars identified across 15,835 repositories, according to a new study by Socket, Carnegie Mellon University, and North Carolina State University.

The research team analyzed 20TB of data from GHArchive, spanning 6 billion GitHub events from 2019 to 2024, using their "StarScout" detection tool. The tool identified 278,000 accounts engaging in coordinated inauthentic behavior to artificially boost repository rankings.

GitHub uses stars, similar to social media likes, to rank projects and recommend content to users. The platform has previously encountered malicious exploitation of this system, including the "Stargazers Ghost Network" malware operation discovered last summer. Approximately 91% of flagged repositories and 62% of suspicious accounts were removed by October 2024.

Transportation

Electric Air Taxis are Taking Flight. Can They Succeed as a Business? (msn.com) 43

An anonymous reader shared this report from the Washington Post: Archer is aiming to launch its first commercially operated [and electrically-powered] flights with a pilot and passengers within a year in Abu Dhabi. A competitor, Joby Aviation, says it is aiming to launch passenger service in Dubai as soon as late 2025. Advancements in batteries and other technologies required for the futuristic tilt-rotor craft are moving so fast that they could soon move beyond the novelty stage and into broader commercial use in a matter of years. Both companies are laying plans to operate at the 2028 Olympics in Los Angeles...

Scaling the industry from a novelty ride for the wealthy to a broadly available commuter option will take billions more in start-up money, executives said, including building out a network of takeoff and landing areas (called vertiports) and charging stations. Some high-profile ventures have already faltered. A plan for air taxis to transport spectators around the Paris Olympics fizzled... Still, investors, including big names like Stellantis and Toyota, have poured money into Silicon Valley companies like Archer and Joby. Boeing and Airbus are developing their own versions. All are betting that quieter, greener and battery-powered aircraft can revolutionize the way people travel. Major U.S. airlines including American, Delta, Southwest and United also are building relationships and planting seeds for deals with air taxi companies.

Two interesting quotes from the article:
  • "It feels like the modern-day American Dream, where you can invent a technology and actually bring it to market even [if it's] as crazy as what some people call flying cars."

    — Adam Goldstein, CEO of Archer Aviation.
  • "They have created these amazing new aircraft that really 10 or 15 years ago would've been unimaginable. I think there's something innately attractive about being able to leapfrog all of your terrestrial obstacles. Who hasn't wished that if you live in the suburbs that, you know, something could drop into your cul-de-sac and 15 minutes later you're at the office."

    — Roger Connor, curator of the vertical flight collection at the Smithsonian's National Air and Space Museum.
