Author name: Kelly Newman

FCC chair rejects call to impose Universal Service fees on broadband

The Federal Communications Commission chair decided not to impose Universal Service fees on Internet service, rejecting arguments for new assessments to shore up an FCC fund that subsidizes broadband network expansions and provides discounts to low-income consumers.

The $8 billion-a-year Universal Service Fund (USF) pays for FCC programs such as Lifeline discounts and Rural Digital Opportunity Fund deployment grants for ISPs. Phone companies must pay a percentage of their revenue into the fund, and telcos generally pass those fees on to consumers with a “Universal Service” line item on telephone bills.

Imposing similar assessments on broadband could increase the Universal Service Fund’s size and/or reduce the charges on phone service, spreading the burden more evenly across different types of telecommunications services. Some consumer advocates want the FCC to increase the fund in order to replace the Affordable Connectivity Program (ACP), a different government program that gives $30 monthly broadband discounts to people with low incomes but is about to run out of money because of inaction by Congress.

The Universal Service funding question is coming up now because, on April 25, the FCC is scheduled to vote on reclassifying broadband as a telecommunications service in order to re-impose the net neutrality rules scrapped during the Trump era.

Chair fears “major upheaval”

Imposing Universal Service charges on broadband would likely result in ISPs adding those costs to monthly bills and would make the net neutrality proceeding even more of a political minefield than it already is. FCC Chairwoman Jessica Rosenworcel’s net neutrality proposal takes the same stance against requiring Universal Service contributions that the FCC took in 2015 when it first imposed the net neutrality rules.

“We conclude that forbearing from imposing new universal service contribution requirements on BIAS [Broadband Internet Access Service] is in the public interest,” Rosenworcel’s proposal says. “For one thing, we agree with commenters who warn that suddenly and unnecessarily imposing new fees on broadband service could pose ‘major upheaval in what is actually a stable and equitable contribution system.’ Rather than risk this upheaval, we believe it in the public interest to proceed cautiously and incrementally.”

The deferral of action on Universal Service funding is welcome news to cable lobby group NCTA-The Internet & Television Association, even though it opposes the net neutrality plan overall. The NCTA has urged the FCC “to resist calls for immediate action and instead defer to Congress on the complex and controversial issues surrounding contribution reform.” Assessments on broadband “would almost certainly result in new passed-through fees not previously assessed on these services” and “may harm broadband adoption,” the NCTA says.

Broadband industry lobby group USTelecom has called for Big Tech firms to pay into the Universal Service Fund, an argument that has also been made repeatedly by Republican FCC Commissioner Brendan Carr.

Rosenworcel may be inclined to let Congress tackle broadband contributions to Universal Service. Her draft plan also raises the possibility of the FCC addressing the issue on its own in a separate proceeding:

Contrary to the assumption of some commenters, Commission efforts remain ongoing in this area. Congress has also been actively deliberating on legislative proposals to reform the USF contribution and funding mechanisms. USF contribution reform is an immensely complex and delicate undertaking with far-reaching consequences, and we believe that any decisions on whether and how to make BIAS providers contribute to USF funding are best addressed holistically in those ongoing discussions of USF contribution reform, on a full record and with robust input from all interested parties, rather than in this proceeding.

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

JUST ADD GET REQUEST —

D-Link won’t be patching vulnerable NAS devices because they’re no longer supported.

Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.

Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be delivered by sending malicious commands through simple HTTP traffic. The vulnerabilities came to light two weeks ago. The researcher said they were making the threat public because D-Link said it had no plans to patch the vulnerabilities, which are present only in end-of-life devices, meaning they are no longer supported by the manufacturer.

An ideal recipe

On Monday, researchers said their sensors began detecting active attempts to exploit the vulnerabilities starting over the weekend. Greynoise, one of the organizations reporting the in-the-wild exploitation, said in an email that the activity began around 02:17 UTC on Sunday. The attacks attempted to download and install one of several pieces of malware on vulnerable devices depending on their specific hardware profile. One such piece of malware is flagged under various names by 40 endpoint protection services.

Security organization Shadowserver has also reported seeing scanning or exploits from multiple IP addresses but didn’t provide additional details.

The vulnerability pair, found in the nas_sharing.cgi programming interface of the vulnerable devices, provides an ideal recipe for remote takeover. The first, tracked as CVE-2024-3272 and carrying a severity rating of 9.8 out of 10, is a backdoor account enabled by credentials hardcoded into the firmware. The second, tracked as CVE-2024-3273 and carrying a severity rating of 7.3, is a command-injection flaw. It can be remotely activated with a simple HTTP GET request.

Netsecfish, the researcher who disclosed the vulnerabilities, demonstrated how a hacker could remotely commandeer vulnerable devices by sending a simple set of HTTP requests to them. The code looks like this:

GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=

In the exploit example below, the text inside the first red rectangle contains the hardcoded credentials—username messagebus and an empty password field—while the next rectangle contains a malicious command string that has been base64 encoded.

netsecfish

“Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions,” netsecfish wrote.

Last week, D-Link published an advisory. D-Link confirmed the list of affected devices:

| Model | Region | Hardware Revision | End of Service Life | Fixed Firmware | Conclusion | Last Updated |
| --- | --- | --- | --- | --- | --- | --- |
| DNS-320L | All Regions | All H/W Revisions | 05/31/2020 | Not Available | Retire & Replace Device | 04/01/2024 |
| DNS-325 | All Regions | All H/W Revisions | 09/01/2017 | Not Available | Retire & Replace Device | 04/01/2024 |
| DNS-327L | All Regions | All H/W Revisions | 05/31/2020 | Not Available | Retire & Replace Device | 04/01/2024 |
| DNS-340L | All Regions | All H/W Revisions | 07/31/2019 | Not Available | Retire & Replace Device | 04/01/2024 |

According to netsecfish, Internet scans found roughly 92,000 devices that were vulnerable.

netsecfish

According to the Greynoise email, the exploits that company researchers are seeing look like this:

GET /cgi-bin/nas_sharing.cgi?dbg=1&cmd=15&user=messagebus&passwd=&cmd=Y2QgL3RtcDsgcLnNo HTTP/1.1

Other malware invoked in the exploit attempts include:

The best defense against these attacks and others like them is to replace hardware once it reaches end of life. Barring that, users of EoL devices should at least ensure they’re running the most recent firmware. D-Link provides this dedicated support page for legacy devices for owners to locate the latest available firmware. Another effective protection is to disable UPnP and connections from remote Internet addresses unless they’re absolutely necessary and configured correctly.
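
For owners who cannot replace a device right away, the two request shapes quoted above can be searched for in proxy, firewall, or reverse-proxy logs. The following is an added example, not code from netsecfish, Greynoise, or D-Link; it assumes Apache/nginx "combined" access-log lines, and the sample log lines, verdict names, and function names are constructed for illustration.

```python
"""Flag access-log lines that match the nas_sharing.cgi patterns in the article.

Added example: the log format, sample lines and verdict names are assumptions.
"""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/nas_sharing.cgi"   # endpoint named in the article
BACKDOOR_USER = "messagebus"               # hardcoded account (CVE-2024-3272)

# Assumed input: "combined" access-log lines from a proxy or gateway.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def decode_b64(value):
    """Return the decoded text if value is valid base64, otherwise None."""
    value = value.replace(" ", "+")        # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)       # tolerate stripped padding
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")


def classify(line):
    """Return a finding dict for requests to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != TARGET_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    # Backdoor login: user=messagebus with an empty (or absent) passwd.
    backdoor = (BACKDOOR_USER in params.get("user", [])
                and all(p == "" for p in params.get("passwd", [])))
    # Command carriers seen in the article: system=<base64>, or a second
    # cmd= whose value is not the numeric action code.
    candidates = params.get("system", []) + [
        v for v in params.get("cmd", []) if not v.isdigit()]
    payloads = [d for d in map(decode_b64, candidates) if d]
    if backdoor and candidates:
        verdict = "exploit-attempt"
    elif backdoor:
        verdict = "backdoor-login"
    else:
        verdict = "endpoint-access"
    return {"src": m["src"], "time": m["ts"], "status": m["status"],
            "verdict": verdict, "payloads": payloads}


def scan(lines):
    """Classify every line and keep only the ones that touch the endpoint."""
    return [f for f in map(classify, lines) if f]


# Constructed sample data (documentation IP ranges, harmless payload).
_SAMPLE_CMD = base64.b64encode(b"echo constructed-sample").decode()
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2024:00:00:01 +0000] '
    '"GET /index.html HTTP/1.1" 200 1043',
    f'203.0.113.7 - - [07/Apr/2024:00:00:02 +0000] "GET {TARGET_PATH}'
    f'?user=messagebus&passwd=&cmd=15&system={_SAMPLE_CMD} HTTP/1.1" 200 87',
    f'198.51.100.23 - - [07/Apr/2024:00:00:03 +0000] "GET {TARGET_PATH}'
    f'?dbg=1&cmd=15&user=messagebus&passwd=&cmd={_SAMPLE_CMD} HTTP/1.1" 404 0',
    f'192.0.2.55 - - [07/Apr/2024:00:00:04 +0000] "GET {TARGET_PATH}'
    '?user=admin&passwd=x&cmd=15 HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The decoded `payloads` field shows what the sender tried to run, and the logged `status` helps decide which hits to triage first.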

Kamikaze bacteria explode into bursts of lethal toxins

The needs of the many… —

If you make a big enough toxin, it’s difficult to get it out of the cells.

The plague bacteria, Yersinia pestis, is a close relative of the toxin-producing species studied here.

Life-forms with no brain are capable of some astounding things. It might sound like sci-fi nightmare fuel, but some bacteria can wage kamikaze chemical warfare.

Pathogenic bacteria make us sick by secreting toxins. While the release of smaller toxin molecules is well understood, methods of releasing larger toxin molecules have mostly eluded us until now. Researcher Stefan Raunser, director of the Max Planck Institute of Molecular Physiology, and his team finally found out how the insect pathogen Yersinia entomophaga (which attacks beetles) releases its large-molecule toxin.

They found that designated “soldier cells” sacrifice themselves and explode to deploy the poison inside their victim. “YenTc appears to be the first example of an anti-eukaryotic toxin using this newly established type of secretion system,” the researchers said in a study recently published in Nature.

Silent and deadly

Y. entomophaga is part of the Yersinia genus, relatives of the plague bacteria, which produce what are known as Tc toxins. Their molecules are huge as far as bacterial toxins go, but, like most smaller toxin molecules, they still need to make it through the bacteria’s three cell membranes before they escape to damage the host. Raunser had already found in a previous study that Tc toxin molecules do show up outside the bacteria. What he wanted to see next was how and when they exit the bacteria that make them.

To find out what kind of environment is ideal for Y. entomophaga to release YenTc, the bacteria were placed in acidic (pH under 7) and alkaline (pH over 7) mediums. While they did not release much in the acidic medium, the bacteria thrived in the high pH of the alkaline medium, and increasing the pH led them to release even more of the toxin. The higher pH environment in a beetle is around the mid-end of its gut, so it is now thought that most of the toxin is liberated when the bacteria reach that area.

How YenTc is released was more difficult to determine. When the research team used mass spectrometry to take a closer look at the toxin, they found that it was missing something: There was no signal sequence that indicated to the bacteria that the protein needed to be transported outside the bacterium. Signal sequences, also known as signal peptides, are kind of like built-in tags for secretion. They are in charge of connecting the proteins (toxins are proteins) to a complex at the innermost cell membrane that pushes them through. But YenTc apparently doesn’t need a signal sequence to export its toxins into the host.

About to explode

So how does this insect killer release YenTc, its most formidable toxin? The first test was a process of elimination. While YenTc has no signal sequence, the bacteria have different secretion systems for other toxins that they release. Raunser thought that knocking out these secretion systems using gene editing could possibly reveal which one was responsible for secreting YenTc. Every secretion system in Y. entomophaga was knocked out until no more were left, yet the bacteria were still able to secrete YenTc.

The researchers then used fluorescence microscopy to observe the bacteria releasing their toxin. They inserted a gene that encodes a fluorescent protein into the toxin gene so the bacteria would glow when making the toxin. While not all Y. entomophaga cells produced YenTc, those that did (and so glowed) tended to be larger and more sluggish. To induce secretion, pH was raised to alkaline levels. Non-producing cells went about their business, but YenTc-expressing cells only took minutes to collapse and release the toxin.

This is what’s called a lytic secretion system, which involves the rupture of cell walls or membranes to release toxins.

“This prime example of self-destructive cooperation in bacteria demonstrates that YenTc release is the result of a controlled lysis strictly dedicated to toxin release rather than a typical secretion process, explaining our initially perplexing observation of atypical extracellular proteins,” the researchers said in the same study.

Yersinia also includes pathogenic bacteria that cause tuberculosis and bubonic plague, diseases that have devastated humans. Now that the secretion mechanism of one Yersinia species has been found out, Raunser wants to study more of them, along with other types of pathogens, to see if any others have kamikaze soldier cells that use the same lytic mechanism of releasing toxins.

The discovery of Y. entomophaga’s exploding cells could eventually mean human treatments that target kamikaze cells. In the meantime, we can at least be relieved we aren’t beetles.

Nature Microbiology, 2024. DOI: 10.1038/s41564-023-01571-z

Gravitational waves reveal “mystery object” merging with a neutron star

mind the gap —

The so-called “mass gap” might be less empty than physicists previously thought.

Artistic rendition of a black hole merging with a neutron star. LIGO/VIRGO/KAGRA detected a merger involving a neutron star and what might be a very light black hole falling within the “mass gap” range.

LIGO-India/ Soheb Mandhai

The LIGO/VIRGO/KAGRA collaboration searches the universe for gravitational waves produced by the mergers of black holes and neutron stars. It has now announced the detection of a signal indicating a merger between two compact objects, one of which has an unusual intermediate mass—heavier than a neutron star and lighter than a black hole. The collaboration provided specifics of their analysis of the merger and the “mystery object” in a draft manuscript posted to the physics arXiv, suggesting that the object might be a very low-mass black hole.

LIGO detects gravitational waves via laser interferometry, using high-powered lasers to measure tiny changes in the distance between two objects positioned kilometers apart. LIGO has detectors in Hanford, Washington state, and in Livingston, Louisiana. A third detector in Italy, Advanced VIRGO, came online in 2016. In Japan, KAGRA is the first gravitational-wave detector in Asia and the first to be built underground. Construction began on LIGO-India in 2021, and physicists expect it will turn on sometime after 2025.

To date, the collaboration has detected dozens of merger events since its first Nobel Prize-winning discovery. Early detected mergers involved either two black holes or two neutron stars, but in 2021, LIGO/VIRGO/KAGRA confirmed the detection of two separate “mixed” mergers between black holes and neutron stars.

Most objects involved in the mergers detected by the collaboration fall into two groups: stellar-mass black holes (ranging from a few solar masses to tens of solar masses) and supermassive black holes, like the one in the middle of our Milky Way galaxy (ranging from hundreds of thousands to billions of solar masses). The former are the result of massive stars dying in a core-collapse supernova, while the latter’s formation process remains something of a mystery. The range between the heaviest known neutron star and the lightest known black hole is known as the “mass gap” among scientists.

There have been gravitational wave hints of compact objects falling within the mass gap before. For instance, as reported previously, in 2019, LIGO/VIRGO picked up a gravitational wave signal from a black hole merger dubbed “GW190521,” that produced the most energetic signal detected thus far, showing up in the data as more of a “bang” than the usual “chirp.” Even weirder, the two black holes that merged were locked in an elliptical (rather than circular) orbit, and their axes of spin were tipped far more than usual compared to those orbits. And the new black hole resulting from the merger had an intermediate mass of 142 solar masses—smack in the middle of the mass gap.

Masses in the stellar graveyard.

LIGO-Virgo-KAGRA / Aaron Geller / Northwestern

That same year, the collaboration detected another signal, GW 190814, a compact binary merger involving a mystery object that also fell within the mass gap. With no corresponding electromagnetic signal to accompany the gravitational wave signal, astrophysicists were unable to determine whether that object was an unusually heavy neutron star or an especially light black hole. And now we have a new mystery object within the mass gap in a merger event dubbed “GW 230529.”

“While previous evidence for mass-gap objects has been reported both in gravitational and electromagnetic waves, this system is especially exciting because it’s the first gravitational-wave detection of a mass-gap object paired with a neutron star,” said co-author Sylvia Biscoveanu of Northwestern University. “The observation of this system has important implications for both theories of binary evolution and electromagnetic counterparts to compact-object mergers.”

See where this discovery falls within the mass gap.

Shanika Galaudage / Observatoire de la Côte d’Azur

LIGO/VIRGO/KAGRA started its fourth observing run last spring and soon picked up GW 230529’s signal. Scientists determined that one of the two merging objects had a mass between 1.2 and 2 times the mass of our sun—most likely a neutron star—while the other’s mass fell in the mass-gap range of 2.5 to 4.5 times the mass of our sun. As with GW 190814, there were no accompanying bursts of electromagnetic radiation, so the team wasn’t able to conclusively identify the nature of the more massive mystery object located some 650 million light-years from Earth, but they think it is probably a low-mass black hole. If so, the finding implies an increase in the expected rate of neutron star–black hole mergers with electromagnetic counterparts, per the authors.

“Before we started observing the universe in gravitational waves, the properties of compact objects like black holes and neutron stars were indirectly inferred from electromagnetic observations of systems in our Milky Way,” said co-author Michael Zevin, an astrophysicist at the Adler Planetarium. “The idea of a gap between neutron-star and black-hole masses, an idea that has been around for a quarter of a century, was driven by such electromagnetic observations. GW230529 is an exciting discovery because it hints at this ‘mass gap’ being less empty than astronomers previously thought, which has implications for the supernova explosions that form compact objects and for the potential light shows that ensue when a black hole rips apart a neutron star.”

arXiv, 2024. DOI: 10.48550/arXiv.2404.04248

After pushing cloud storage, TV provider to auto-delete 61-day-old DVR recordings

“Wish I knew this before” —

Customers originally had 365 days to enjoy the recordings.

Canadian telecom Bell Canada has been pushing its cloud-based DVR service to its Fibe TV subscribers for years. While it has given customers advantages, like the ability to view their recordings from more devices, such as phones, compared to using local DVR storage, users don’t have as much control over the recordings as they thought they had.

On May 1, Fibe TV will automatically delete recordings stored on its Cloud PVR (personal video recorder) offering once the recordings hit 61 days of age, as confirmed by Canadian online newspaper Daily Hive. Currently, customers maintain access to recordings stored via Cloud PVR for 365 days.

Fibe TV apparently started alerting customers of the upcoming change this month.

A Bell Canada spokesperson, Jacqueline Michelis, minimized the idea of disruption to customers, telling Daily Hive: “The viewing of nearly all recordings takes place within 60 days, so there is minimal impact to customers.” Michelis didn’t provide more details on how Bell Canada arrived at this conclusion.

An X (formerly Twitter) user going by SimonDingleyTV shared what he said was a notice he received from Fibe TV about the policy change. He claimed that a company representative told him that the reason for the change was to “save space.”

Bell updated its website to acknowledge the time limit and noted that Cloud PVR also has a limit of up to 320 hours of recordings. If users surpass that limit, the oldest recordings will start getting deleted.

“Absolutely ridiculous”

Customers have turned to Bell Canada’s online support forum to share their discontent with the changes, with some saying that they don’t align with the services they expected to receive when signing up for Fibe TV. Thankfully, Bell Canada won’t be able to delete recordings stored on DVR hardware inside customers’ homes.

Other complaints are coming from users whose recordings are being deleted even when they haven’t come close to maxing out their cloud storage or if their recordings aren’t available on demand.

A user going by camisotro on Bell Canada’s online support forum called the announcement “absolutely ridiculous” and condemned what they perceived to be years of telecoms pushing back against users’ ability to record content:

… Bell eliminated the option for any device that actually records TV locally, forcing customers onto an inferior TV box with ‘Cloud PVR.’ Now they are nerfing it to a nearly useless 60 days of recording. This is not the service I signed up for on contract, and yet I am still continuing to pay increasing prices.

Like rivals, Bell pushed customers toward cloud-based DVR, with its website stating, “Fibe TV has evolved to a cloud-based storage system for all your recordings.”

However, some users may not have realized the trade-offs.

“Wish I knew this before I traded PVRs to change to cloud storage! No one told us that !!!,” a forum user known as Crazy aunt said.

Another user, Thornquills, called the news a “deal-breaker” because they’re “paying $10.00/month for cloud storage,” and “2 months is too restrictive, in my opinion.”

Meanwhile, Bell Canada rival Rogers Ignite confirmed to The Canadian Press that it will continue allowing its customers to keep DVR recordings stored in the cloud for one year, as its cloud PVR offering exists to “help manage storage capacity.”

Fibe TV’s policy change comes about two months after Bell Canada announced that it was laying off 4,800 workers and selling 45 of its 103 radio stations.

Android’s Bluetooth trackers are finally shipping in late May

Just merge the networks already —

The one-year wait for Apple’s cross-platform safety measures is almost over.

  • Chipolo’s trackers. The keychain tracker takes a CR2032 battery; the card is not rechargeable.

  • Pebblebee’s trackers are all rechargeable.

  • Google’s “Find My Device” app.

    Google

After an announcement that ended up being a year early, Android’s version of Tile/AirTags is ready to launch. Google has been gearing up on the software side of things to enable a Bluetooth tracking network on Android, and the company’s two tracking tag hardware partners, Pebblebee and Chipolo, now have ship dates. The two companies each have a press release today, with Pebblebee saying its trackers will ship in “late May,” while Chipolo says it will ship “after May 27th.” Google has a blog post out, too, promising “additional Bluetooth tags from Eufy, Jio, Motorola and more” later this year.

Both sets of devices have been up for preorder for a year now, and it doesn’t seem like anything has changed since. Both companies are offering little Bluetooth trackers in a keychain tag or credit card format, and Pebblebee has a third stick-on tag format. They’ll all be anonymously tracked by Android’s 3 billion-device Bluetooth tracker network, and the device owner will be able to see them in Google’s “Find my device” app.

Chipolo’s “One Point” key chain tag is the only thing that takes a CR2032 coin cell battery, while the company’s credit card tracker is not rechargeable. Pebblebee’s key chain, credit card, and stick-on tracker all have rechargeable batteries, including the wallet card, which is very rare! Nothing has UWB for precise location tracking—everything uses a speaker. Both companies sell multiple SKUs of what look like the exact same product but are locked to Google’s or Apple’s network—no switching allowed.

These were all supposed to come out in 2023 originally. Google’s patch notes say that the tracking network shipped in Android in December 2022, even though nothing is using it. The company has actually been waiting on Apple. In May 2023, Google and Apple announced a joint standard for “unknown tracker” alerts. While the two networks will not be compatible, they will team up to alert users if a tracker is being used to stalk them. All this hardware was announced a week later, but in July 2023, Google shipped what a spokesperson called, “a custom implementation” for AirTags (enabling Android phones to alert users to an unknown AirTag), and the company said it wouldn’t enable its tracking network until the joint tracking detection standard with Apple was ready. It looks like Apple will do that in iOS 17.5. iOS 17.5 is expected to be out—you guessed it—at the end of May, so these tags can finally ship.

9:00 pm update: A Google spokesperson told us Google’s July release of Android’s unwanted AirTag detection is “a custom implementation” and not the joint standard.

Hong Kong monkey encounter lands man in ICU with rare, deadly virus

rare but deadly —

The man had recently visited a country park known for its macaque monkeys.

This photo taken in August 2014 shows macaque monkeys in a country park in Hong Kong.

A 37-year-old man is fighting for his life in an intensive care unit in Hong Kong after being wounded by monkeys during a recent park visit and contracting a rare and deadly virus spread by primates.

The man, who was previously in good health, was wounded by wild macaque monkeys during a visit to Kam Shan Country Park in late February, according to local health officials. The park is well known for its conservation of wild macaques and features an area that locals call “Monkey Hill” and describe as a macaque kingdom.

On March 21, he was admitted to the hospital with a fever and “decreased conscious level,” health officials reported. As of Wednesday, April 3, he was in the ICU listed in critical condition. Officials reported the man’s case Wednesday after testing of his cerebrospinal fluid revealed the presence of B virus.

B virus, also known as herpes B virus or herpesvirus simiae, is a common infection in macaques, usually causing asymptomatic or mild disease. Infections in humans are extremely rare, but when they occur, they usually come from macaque encounters and are often severe and deadly. The infection can start out a lot like the flu, but the virus can move to the brain and spinal cord, causing brain damage, nerve damage, and death. The US Centers for Disease Control and Prevention estimates that about 70 percent of untreated infections in humans are fatal.

Despite the presence of macaques around Hong Kong, the man’s case is the first known B virus infection documented there. The virus was discovered in 1932, and since then only 50 human infections have been documented as of 2019, the CDC reports. Of those 50 people infected, 21 died. The agency notes that in one case, from 1997, a researcher was infected and died after bodily fluid from an infected monkey splashed into her eye. Still, contracting the virus is rare, even among people exposed to macaques. The CDC reports that there are hundreds of reports of macaque bites and scratches each year in US animal facilities, and infections remain very uncommon.

However low the risk, health officials recommend keeping your distance from wild monkeys and not feeding or touching them. If you are bitten or scratched, wash the wound immediately and seek medical attention.

It could well be a blockbuster hurricane season, and that’s not a good thing

It only takes one —

Although not quite literally, the Atlantic Ocean is on fire right now.

As of late March, much of the Atlantic Ocean was seeing temperatures far above normal.

Weathermodels.com

The Atlantic hurricane season does not begin for another eight weeks, but we are deep in the heart of hurricane season prediction season.

On Thursday, the most influential of these forecasts was issued by Phil Klotzbach, a hurricane scientist at Colorado State University. To put a fine point on it, Klotzbach and his team foresee an exceptionally busy season in the Atlantic basin, which encompasses the Atlantic Ocean, Caribbean Sea, and Gulf of Mexico.

“We anticipate that the 2024 Atlantic basin hurricane season will be extremely active,” Klotzbach wrote in his forecast discussion.

The Colorado State forecast calls for 23 named storms, more than 50 percent higher than a typical season of 14.4 named storms; and 11 hurricanes, above a normal total of seven. Additionally, the forecast predicts that the season’s accumulated cyclone energy—a summation of the duration and intensity of storms across the whole basin—will be 70 percent greater than normal. If the forecast is accurate, the year 2024 would rank among the top 10 most active Atlantic hurricane seasons in a century and a half of records.

This forecast is not out of line with other seasonal predictions. Dozens of organizations, from private groups to individual forecasters to media properties, issue these kinds of seasonal predictions. But Colorado State’s is the longest-running and most influential, and its release underscores what is indeed expected to be a very busy season for tropical storms, hurricanes, and major hurricanes.

What’s driving this?

Klotzbach cites two major factors driving the busy year. The primary one is sea surface temperatures in the eastern and central Atlantic, where tropical systems develop. These seas are seeing record warm temperatures for April—indeed, in many places, the Atlantic is already as warm as it typically would be in June. Undoubtedly climate change is a central factor behind this warming.

Warm seas are one precursor to tropical systems, but they are just one condition necessary for a low-pressure system to organize into a tropical depression.

Another is low wind shear, as cross-directional winds can literally shear a storm apart. While it is not possible to forecast wind shear months ahead of a season, the presence of El Niño or La Niña in the Pacific Ocean is a pretty useful indicator.

In this case, there’s more bad news. The present (weak) El Niño in the Pacific is likely to transition into a La Niña by this summer, especially in August or September. That matters because these are typically the most frenetic months for activity, and with a La Niña in place, wind shear is likely to be lower overall in the Atlantic basin.

This is the first of several forecasts Klotzbach will issue for the upcoming season, and although predictions in April typically have lower skill, it is difficult to ignore the signals out there. “While the skill of this prediction is low, our confidence is higher than normal this year for an early April forecast given how hurricane-favorable the large-scale conditions appear to be,” he wrote.

What does this mean?

Most coastal areas along the Atlantic, Caribbean, and Gulf will not be affected by a hurricane in any given year. I live and work in Houston, which is the largest city in the Atlantic basin that regularly sees significant hurricane threats. But even here, in the subtropics, we only see large, direct impacts from a hurricane or tropical storm about every 10 years.

What a busy season does is load the dice. More activity means a greater likelihood that one of those storms will venture closer to where one lives. So the threat of a hurricane is there every year; it’s just that the threat is greater in some years.

There is an old, oft-repeated adage in hurricane forecasting circles: “It only takes one.” This means that even during a slow season, if there’s just one hurricane and it hits you, it was a busy hurricane season for you. We experienced this in Houston back in 1983 when the very first named storm of the year, a hurricane named Alicia, made landfall near the city on August 17. There ended up being just four named storms in 1984, but unfortunately for Houston, one of them struck here.

A busy forecast like this doesn’t mean a whole lot for coastal residents. We really need to be prepared every year, knowing our vulnerabilities to a hurricane, knowing when we need to evacuate, where we would go, and what we would need to take.

However, it does have implications for first responders and government organizations tasked with dealing with hurricane aftermath, such as the Federal Emergency Management Agency. Thus, it seems prudent that the recently passed federal budget for fiscal year 2024 tucked $20.3 billion into the agency’s Disaster Relief Fund.


Elon Musk shares “extremely false” allegation of voting fraud by “illegals”

Elon Musk's account on X (formerly Twitter) displayed on a smartphone next to a large X logo.

Getty Images | Nathan Stirk

Texas Secretary of State Jane Nelson yesterday issued a statement debunking claims of widespread voter fraud that were amplified by X owner Elon Musk on the social network formerly named Twitter. Election officials in two other states also disputed the “extremely false” information shared by Musk.

Musk is generally a big fan of Texas, but on Tuesday he shared a post by the account “End Wokeness” that claimed, “The number of voters registering without a photo ID is SKYROCKETING in 3 key swing states: Arizona, Texas, and Pennsylvania.” The account claimed there were 1.25 million such registrations in Texas since the beginning of 2024, over 580,000 in Pennsylvania, and over 220,000 in Arizona.

“Extremely concerning,” Musk wrote in a retweet re-X. The End Wokeness post shared by Musk suggested that “illegals” are registering to vote in large numbers by using Social Security numbers that can be obtained for work authorizations. The End Wokeness post has been viewed 63 million times so far, and Musk’s re-post has been viewed 58.2 million times.

Nelson’s statement on the Texas government’s website called the claim “totally inaccurate.” For one thing, the real number of voter registrations is a small fraction of the number claimed in the post shared by Musk, the secretary of state wrote:

It is totally inaccurate that 1.2 million voters have registered to vote in Texas without a photo ID this year. The truth is our voter rolls have increased by 57,711 voters since the beginning of 2024. This is less than the number of people registered in the same timeframe in 2022 (about 65,000) and in 2020 (about 104,000).

“Extremely false”

The Texas Secretary of State office reports having 17,948,242 registered voters for the March 2024 elections, a gain of just under 189,000 voters since November 2023. The total gain over the past 24 months is a little over 764,000.

Pennsylvania’s data shows the state has 8.7 million registered voters and 87,440 voter registrations so far in 2024. Most of those were applications for party changes, while the other 39,877 were new-voter registrations.

Arizona’s total number of registered voters has been declining. While Arizona had 4.28 million registered voters in 2020 and 4.14 million in 2022, the state’s tally in March 2024 was 4,096,260.

Musk’s “Extremely concerning” post got a reply from Maricopa County Recorder Stephen Richer, who called it “extremely false.”

“We haven’t even had that many new registrants TOTAL in 2024 in Arizona,” stated Richer, an elected official and Republican who has been active in calling out election misinformation on X. “And we have fewer than 35,000 registrants (out of 4.1 million registered voters in Arizona) who haven’t provided documented proof of citizenship.”

Musk’s platform has faced plenty of criticism over its moderation of misinformation on elections and other topics. After reports of deep cuts to X’s election integrity team in September 2023, Musk claimed the ex-X employees were “undermining election integrity.”


Mars may not have had liquid water long enough for life to form

Subliminal —

Lab experiments suggest gullies on Mars might form when carbon dioxide heats up.

Image of a grey-colored slope with channels cut into it.

Mars has a history of liquid water on its surface, including lakes like the one that used to occupy Jezero Crater, which have long since dried up. Ancient water that carried debris—and melted water ice that presently does the same—were also thought to be the only thing driving the formation of gullies spread throughout the Martian landscape. That view may now change thanks to new results that suggest dry ice can also shape the landscape.

It’s sublime

Previously, scientists were convinced that only liquid water shaped gullies on Mars because that’s what happens on Earth. What was not taken into account was sublimation, or the direct transition of a substance from a solid to a gaseous state. Sublimation is how CO2 ice disappears (sometimes water ice experiences this, too).

Frozen carbon dioxide is everywhere on Mars, including in its gullies. When CO2 ice sublimates on one of these gullies, the resulting gas can push debris further down the slope and continue to shape it.

Led by planetary researcher Lonneke Roelofs of Utrecht University in the Netherlands, a team of scientists has found that the sublimation of CO2 ice could have shaped Martian gullies, which might mean the most recent occurrence of liquid water on Mars may have been further back in time than previously thought. That could also mean the window during which life could have emerged and thrived on Mars was possibly smaller.

“Sublimation of CO2 ice, under Martian atmospheric conditions, can fluidize sediment and creates morphologies similar to those observed on Mars,” Roelofs and her colleagues said in a study recently published in Communications Earth & Environment.

Into thin air

Earth and Martian gullies have basically the same morphology. The difference is that we’re certain that liquid water is behind their formation and continuous shaping and re-shaping on Earth. Such activity includes new channels being carved out and more debris being taken to the bottom.

While ancient Mars may have had enough stable liquid water to pull this off, there is not enough on the present surface of Mars to sustain that kind of activity. This is where sublimation comes in. CO2 ice has been observed on the surface of Mars at the same time that material starts flowing.

After examining observations like these, the researchers hypothesized these flows are pushed downward by gas as the frozen carbon dioxide sublimates. Because of the low pressure on Mars, sublimation creates a relatively greater gas flux than it would on Earth—enough power to make fluid motion of material possible.

There are two ways sublimation can be triggered to get these flows moving. When part of a more exposed area of a gully collapses, especially on a steep slope, sediment and other debris that have been warmed by the Sun can fall on CO2 ice in a shadier and cooler area. Heat from the falling material could supply enough energy for the frost to sublimate. Another possibility is that CO2 ice and sediment can break from the gully and fall onto warmer material, which will also trigger sublimation.

Mars in a lab

There is just one problem with these ideas: since humans have not landed on Mars (yet), there are no in situ observations of these phenomena, only images and data beamed back from spacecraft. So, everything is hypothetical. The research team would have to model Martian gullies to watch the action in real time.

To re-create a part of the red planet’s landscape in a lab, Roelofs built a flume in a special environmental chamber that simulated the atmospheric pressure of Mars. It was steep enough for material to move downward and cold enough for CO2 ice to remain stable. But the team also added warmer adjacent slopes to provide heat for sublimation, which would drive movement of debris. They experimented with both scenarios that might happen on Mars: heat coming from beneath the CO2 ice and warm material being poured on top of it. Both produced the kinds of flows that had been hypothesized.

For further evidence that flows driven by sublimation would happen under certain conditions, two further experiments were conducted, one under Earth-like pressures and one without CO2 ice. No flows were produced by either.

“For the first time, these experiments provide direct evidence that CO2 sublimation can fluidize, and sustain, granular flows under Martian atmospheric conditions,” the researchers said in the study.

Because this experiment showed that gullies and systems like them can be shaped by sublimation and not just liquid water, it raises questions about how long Mars had a sufficient supply of liquid water on the surface for any organisms (if they existed at all) to survive. Its period of habitability might have been shorter than it was once thought to be. Does this mean nothing ever lived on Mars? Not necessarily, but Roelofs’ findings could influence how we see planetary habitability in the future.

Communications Earth & Environment, 2024. DOI: 10.1038/s43247-024-01298-7


After AI-generated porn report, Washington Lottery pulls down interactive web app

You could be a winner! —

User says promo site put her uploaded selfie on a topless woman’s body.

A user of the Washington Lottery’s “Test Drive a Win” website says it used AI to generate (the unredacted version of) this image with her face on a topless body.

The Washington State Lottery has taken down a promotional AI-powered web app after a local mother reported that the site generated an image with her face on the body of a topless woman.

The lottery’s “Test Drive a Win” website was designed to help visitors visualize various dream vacations they could pay for with their theoretical lottery winnings. The site included the ability to upload a headshot that would be integrated into an AI-generated tableau of what you might look like on that vacation.

But Megan (last name not given), a 50-year-old from Olympia suburb Tumwater, told conservative Seattle radio host Jason Rantz that the image of her “swim with the sharks” dream vacation on the website showed her face atop a woman sitting on a bed with her breasts exposed. The background of the AI-generated image seems to show the bed in some sort of aquarium, complete with fish floating through the air and sprawling undersea flora sitting awkwardly behind the pillows.

The corner of the image features the Washington Lottery logo.

“Our tax dollars are paying for that! I was completely shocked. It’s disturbing to say the least,” Megan told Rantz. “I also think whoever was responsible for it should be fired.”

“We don’t want something like this purported event to happen again”

The non-functional “Test Drive a Win” website as it appeared Thursday.

In a statement provided to Ars Technica, a Washington Lottery spokesperson said that the lottery “worked closely with the developers of the AI platform to establish strict parameters to govern image creation.” Despite this, the spokesperson said they were notified earlier this week that “a single user of the AI platform was purportedly provided an image that did not adhere to those guidelines.”

Despite what the spokesperson said were “thousands” of inoffensive images that the site generated in over a month, the spokesperson said that “one purported user is too many and as a result we have shut down the site” as of Tuesday.

The spokesperson did not respond to specific questions about which AI models or third-party vendors may have been used to create the site or on the specific safeguards that were crafted in an attempt to prevent results like the one reported by Megan.

Speaking to Rantz, a lottery spokesperson said the organization had “agreed to a comprehensive set of rules” for the site’s AI images, “including that people in images be fully clothed.” Following the report of the topless image, the spokesperson said they “had the developers check all the parameters for the platform.” And while they were “comfortable with the settings,” the spokesperson told Rantz they “chose to take down the site out of an abundance of caution, as we don’t want something like this purported event to happen again.”

Not a quick fix?

On his radio show, Rantz expressed surprise that the lottery couldn’t keep the site operational after rejiggering the AI’s safety settings. “In my head I was thinking, well, presumably once they heard about this they went back to the backend guidelines and just made sure it said, ‘Hey, no breasts, no full-frontal nudity,’ those kinds of things, and then they fixed it, and then they went on with their day,” Rantz said.

But it might not be that simple to effectively rein in the endless variety of visual output an AI model can generate. While models like Stable Diffusion and DALL-E have filters in place to prevent the generation of sexual or violent images, researchers have found that those models still responded to problematic prompts by generating images that were judged as “unsafe” by an image classifier a significant minority of the time. Malicious users can also use prompt-engineering tricks to get around these built-in safeguards when using popular text-based image-generation models.

We’ve seen these kinds of AI image-safety issues blow back on major corporations, too, as when Facebook’s AI sticker generator put weapons in the hands of children’s cartoon characters. More recently, a Microsoft engineer publicly accused the company’s Copilot image-generation tool of randomly creating violent and sexual imagery even after the team was warned of the issue.

The Washington Lottery’s AI issue comes a week after a report found a New York City government chatbot confabulating incorrect advice about city laws and regulations. “It’s wrong in some areas and we gotta fix it,” New York City Mayor Eric Adams said this week. “Any time you use technology, you need to put it in the real environment to iron out the kinks. You can’t live in a lab. You can’t stay in a lab forever.”


Fake AI law firms are sending fake DMCA threats to generate fake SEO gains

Dewey Fakum & Howe, LLP —

How one journalist found himself targeted by generative AI over a keyfob photo.

Updated

Face composed of many pixellated squares, joining together

A person made of many parts, similar to the attorney who handles both severe criminal law and copyright takedowns for an Arizona law firm.

Getty Images

If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. As someone who has paid to settle a news service-licensing issue before, I can empathize with anybody who wants to make this kind of thing go away.

Which is why a new kind of angle-on-an-angle scheme can seem both obvious to spot and likely effective. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a “DMCA Copyright Infringement Notice” in late March from “Commonwealth Legal,” representing the “Intellectual Property division” of Tech4Gods.

The issue was with a photo of a keyfob from legitimate photo service Unsplash used in service of a post about a strange Uber ride Smith once took. As Smith detailed in a Mastodon thread, the purported firm needed him to “add a credit to our client immediately” through a link to Tech4Gods, and said it should be “addressed in the next five business days.” Removing the image “does not conclude the matter,” and should Smith not have taken action, the putative firm would have to “activate” its case, relying on DMCA 512(c) (which, in many readings, actually does grant relief should a website owner, unaware of infringing material, “act expeditiously to remove” said material). The email unhelpfully points to the main page of the Internet Archive so that Smith might review “past usage records.”

A slice of the website for Commonwealth Legal Services, with every word of that phrase, including “for,” called into question.

Commonwealth Legal Services

There are quite a few issues with Commonwealth Legal’s request, as detailed by Smith and 404 Media. Chief among them is that Commonwealth Legal, a firm theoretically based in Arizona (which is not a commonwealth), almost certainly does not exist. Despite the 2018 copyright displayed on the site, the firm’s website domain was seemingly registered on March 1, 2024, with a Canadian IP location. The address on the firm’s site leads to a location that, to say the least, does not match the “fourth floor” indicated on the website.

While the law firm’s website is stuffed full of stock images, so are many websites for professional services. The real tell is the site’s list of attorneys, most of whom, as 404 Media puts it, have “vacant, thousand-yard stares” common to AI-generated faces. AI detection firm Reality Defender told 404 Media that its service spotted AI generation in every attorney’s image, “most likely by a Generative Adversarial Network (GAN) model.”

Then there are the attorneys’ bios, which offer surface-level competence underpinned by bizarre setups. Five of the 12 supposedly come from acclaimed law schools at Harvard, Yale, Stanford, and University of Chicago. The other seven seem to have graduated from the top five results you might get for “Arizona Law School.” Sarah Walker has a practice based on “Copyright Violation and Judicial Criminal Proceedings,” a quite uncommon pairing. Sometimes she is “upholding the rights of artists,” but she can also “handle high-stakes criminal cases.” Walker, it seems, couldn’t pick just one track at Yale Law School.

Why would someone go to the trouble of making a law firm out of NameCheap, stock art, and AI images (and seemingly copy) to send quasi-legal demands to site owners? Backlinks, that’s why. Backlinks are links from a site that Google (or others, but almost always Google) holds in high esteem to a site trying to rank up. Whether spammed, traded, generated, or demanded through a fake firm, backlinks power the search engine optimization (SEO) gray, to very dark gray, market. For all their touted algorithmic (and now AI) prowess, search engines have always had a hard time gauging backlink quality and context, so some site owners still buy backlinks.

The owner of Tech4Gods told 404 Media’s Jason Koebler that he did buy backlinks for his gadget review site (with “AI writing assistants”). He disclaimed owning the disputed image or any images and made vague suggestions that a disgruntled former contractor may be trying to poison his ranking with spam links.

Asked by Ars if he had heard back from “Commonwealth Legal” now that five business days were up, Ernie Smith tells Ars: “No, alas.”

This post was updated at 4:50 p.m. Eastern to include Ernie Smith’s response.
