NATO is helping finance a project aimed at finding ways to keep the internet running should subsea cables shuttling civilian and military communications across European waters come under attack. From a report: Researchers, who include academics from the US, Iceland, Sweden and Switzerland, say they want to develop a way to seamlessly reroute internet traffic from subsea cables to satellite systems in the event of sabotage, or a natural disaster. The North Atlantic Treaty Organization's Science for Peace and Security Programme has approved a grant of as much as $433,600 for the $2.5 million project, and research institutions are providing in-kind contributions, documents seen by Bloomberg show.

Eyup Kuntay Turmus, adviser and program manager at the NATO program, confirmed the project was recently approved and said by email that implementation will start "very soon." The initiative, which hasn't yet been publicly announced, comes amid intensifying fears that Russia or China could mine, sever or otherwise tamper with undersea cables in an attempt to disrupt communications during a military crisis. Data carried through cables under the sea account for roughly $10 trillion worth of financial transactions every day, and nearly all of the NATO's internet traffic travels through them, according to the treaty organization. As a result, NATO has been ramping up efforts to protect cables over the course of the past several months.

The Internet Archive took a tumble overnight after "environmental factors" downed the Wayback Machine, leaving archive.org wobbling in a way that might bring a smile to the faces of certain publishers wishing for its demise. From a report: According to the organization, there was a "brief power outage in one of our datacenters," which was followed by "environmental factors," causing the service blackout. Those environmental factors are likely to be an increase in heat following a cooling outage. By this morning, The Internet Archive was reporting that things were back up and running again. However, some users (this writer included) are still experiencing the odd error or two when accessing the organization's services.

Remember those researchers who spent years training AI tools to analyze the reviews drivers left on the smartphone apps where they pay for EV charging?

There was one more unexpected finding. "Rideshare drivers who work for companies such as Uber are increasingly turning to electric vehicles to reduce fuel costs." That trend is boosting demand for conveniently located, publicly accessible EV chargers... "They are mostly relying on public chargers for their daily Uber needs, usually every day or every couple of days, which dramatically increases electric vehicle miles traveled," [climate fellow Omar Asensio told the Institute's blog], explaining that many drivers live in apartments that lack garages or space for a residential EV charger. Uber CEO Dara Khosrowshahi considers the issue so pressing he urged U.S. policymakers to accelerate plans to improve the nation's EV charging infrastructure in a Fast Co. op-ed in January — during the World Economic Forum in Davos, when media messaging can influence policymakers.

Independent Uber drivers, Khosrowshahi said, are converting to electric vehicles seven times faster than the general public and they tend to be disproportionately from low- and middle-income households that need access to public charging stations. "Charging infrastructure must be more equitable," Khosrowshahi wrote. "Many drivers don't have driveways or garages, so access to nearby overnight charging is essential. Yet our data shows us that Uber drivers often live in neighborhoods lacking this infrastructure. These 'charging deserts' hold countless people back from making the switch."

"Many bike riders are hopeful about a world of robot drivers that never experience road rage or get distracted by their phones," reports the Washington Post. "But some resent being guinea pigs for driverless vehicles that veer into bike lanes, suddenly stop short and confuse cyclists trying to navigate around them.

"In more than a dozen complaints submitted to the DMV, cyclists describe upsetting near misses and close calls... " Of the nearly 200 California DMV complaints analyzed by The Post, about 60 percent involved Cruise vehicles; the rest mostly involved Waymo. About a third describe erratic or reckless driving, while another third document near misses with pedestrians. The remainder involve reports of autonomous cars blocking traffic and disobeying road markings or traffic signals... Only 17 complaints involved bicyclists or bike lane disruptions. But interviews with cyclists suggest the DMV complaints represent a fraction of bikers' negative interactions with self-driving vehicles. And while most of the complaints describe relatively minor incidents, they raise questions about corporate boasts that the cars are safer than human drivers, said Christopher White, executive director of the San Francisco Bike Coalition... Robot cars could one day make roads safer, White said, "but we don't yet see the tech fully living up to the promise. ... The companies are talking about it as a much safer alternative to people driving. If that's the promise that they're making, then they have to live up to it...."

Many bicycle safety advocates support the mission of autonomous vehicles, optimistic the technology will cut injuries and deaths. They are quick to point out the carnage associated with human-driven cars: There were 2,520 collisions in San Francisco involving at least one cyclist from 2017 to 2022, according to state data analyzed by local law firm Walkup, Melodia, Kelly & Schoenberger. In those crashes, 10 cyclists died and another 243 riders were severely injured, the law firm found. Nationally, there were 1,105 cyclists killed by drivers in 2022, according to NHTSA, the highest on record...

Meanwhile, the fraction of complaints to the DMV related to bicycles demonstrates the shaky relationship between self-driving cars and cyclists. In April 2023, a Waymo edged into a crosswalk, confusing a cyclist and causing him to crash and fracture his elbow, according to the complaint filed by the cyclist. Then, in August — days after the state approved an expansion of these vehicles — a Cruise car allegedly made a right turn that cut off a cyclist. The rider attempted to stop but then flipped over their bike. "It clearly didn't react or see me!" the complaint said.

Even if self-driving cars are proven to be safer than human drivers, they should still receive extra scrutiny and aren't the only way to make roads safer, several cyclists said.
Thanks to Slashdot reader echo123 for sharing the article.

Its FOSS writes: When it comes to Linux, we get to see some really cool, and sometimes quirky projects (read Hannah Montana Linux) that try to show off what's possible, and that's not a bad thing. One such quirky undertaking has recently surfaced, which sees a sophomore trying to one-up their friend, who had booted Linux off NFS. With their work, they have been able to run Arch Linux on Google Drive.
Their ultimate idea included FUSE (which allows running file-system code in userspace). The developer's blog post explains that when Linux boots, "the kernel unpacks a temporary filesystem into RAM which has the tools to mount the real filesystem... it's very helpful! We can mount a FUSE filesystem in that step and boot normally.... " Thankfully, Dracut makes it easy enough to build a custom initramfs... I decide to build this on top of Arch Linux because it's relatively lightweight and I'm familiar with how it work."
Doing testing in an Amazon S3 container, they built an EFI image — then spent days trying to enable networking... And the adventure continues. ("Would it be possible to manually switch the root without a specialized system call? What if I just chroot?") After they'd made a few more tweaks, "I sit there, in front of my computer, staring. It can't have been that easy, can it? Surely, this is a profane act, and the spirit of Dennis Ritchie ought't've stopped me, right? Nobody stopped me, so I kept going..." I build the unified EFI file, throw it on a USB drive under /BOOT/EFI, and stick it in my old server... This is my magnum opus. My Great Work. This is the mark I will leave on this planet long after I am gone: The Cloud Native Computer.

Despite how silly this project is, there are a few less-silly uses I can think of, like booting Linux off of SSH, or perhaps booting Linux off of a Git repository and tracking every change in Git using gitfs. The possibilities are endless, despite the middling usefulness.

If there is anything I know about technology, it's that moving everything to The Cloud is the current trend. As such, I am prepared to commercialize this for any company wishing to leave their unreliable hardware storage behind and move entirely to The Cloud. Please request a quote if you are interested in True Cloud Native Computing.

Unfortunately, I don't know what to do next with this. Maybe I should install Nix?

Harvard Business School has an "Institute for Business in Global Society" that explores the societal impacts of business. And they've recently published some new AI-powered research about EV charging infrastructure, according to the Institute's blog, conducted by climate fellow Omar Asensio.

"Asensio and his team, supported by Microsoft and National Science Foundation awards, spent years building models and training AI tools to extract insights and make predictions," using the reviews drivers left (in more than 72 languages) on the smartphone apps drivers use to pay for charging. And ultimately this research identified "a significant obstacle to increasing electric vehicle (EV) sales and decreasing carbon emissions in the United States: owners' deep frustration with the state of charging infrastructure, including unreliability, erratic pricing, and lack of charging locations..." [C]harging stations in the U.S. have an average reliability score of only 78%, meaning that about one in five don't work. They are, on average, less reliable than regular gas stations, Asensio said. "Imagine if you go to a traditional gas station and two out of 10 times the pumps are out of order," he said. "Consumers would revolt...." EV drivers often find broken equipment, making charging unreliable at best and simply not as easy as the old way of topping off a tank of gas. The reason? "No one's maintaining these stations," Asensio said.
One problem? Another blog post by the Institute notes that America's approach to public charging has differed sharply from those in other countries: In Europe and Asia, governments started making major investments in public charging infrastructure years ago. In America, the initial thinking was that private companies would fill the public's need by spending money to install charging stations at hotels, shopping malls and other public venues. But that decentralized approach failed to meet demand and the Biden administration is now investing heavily to grow the charging network and facilitate EV sales... "No single market actor has sufficient incentive to build out a national charging network at a pace that meets our climate goals," the report declared. Citing research and the experience of other countries, it noted that "policies that increase access to charging stations may be among the best policies to increase EV sales." But the U.S. is far behind other countries.
Thanks to Slashdot reader NoWayNoShapeNoForm for sharing the article.

In Communications of the ACM, long-time FreeBSD contributor Poul-Henning Kamp mocks the idea that the free and open-source software movement has "come apart" and "will end in tears and regret." Economists and others focused on money — like my bank — have had a lot of trouble figuring out the free and open source software (FOSS) phenomenon, and eventually they seem to have reached the conclusion that it just makes no sense. So, they go with the flow. Recently, very serious people in the FOSS movement have started to write long and thoughtful opinion pieces about how it has all come apart and will end in tears and regret. Allow me to disagree...
What follows is a humorous history of how the Open Source movement bested a series of ill-conceived marketing failures starting after the "utterly bad" 1980s when IBM had an "unimaginably huge monopoly" — and an era of vendor lock-in from companies trying to be the next IBM: Out of that utter market failure came Minix, (Net/Free/Open)BSD, and Linux, at a median year of approximately 1991. I can absolutely guarantee that if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs — no strings attached — nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby. Bill Gates would also have had a lot less of our money...
The essay moves on to when "that dot-com thing happened, fueled by the availability of FOSS operating systems, which did a much better job than any operating system you could buy — not just for the price, but in absolute terms of performance on any given piece of hardware. Thus, out of utter market failure, the FOSS movement was born."

And ultimately, the essay ends with our present day, and the phenomenon of companies that "make a business out of FOSS or derivatives thereof..." The "F" in FOSS was never silent. In retrospect, it seems clear that open source was not so much the goal itself as a means to an end, which is freedom: freedom to fix broken things, freedom from people who thought they could clutch the source code tightly and wield our ignorance of it as a weapon to force us all to pay for and run Windows Vista. But the FOSS movement has won what it wanted, and no matter how much oldsters dream about their glorious days as young revolutionaries, it is not coming back; the frustrations and anger of IT in 2024 are entirely different from those of 1991.

One very big difference is that more people have realized that source code is a liability rather than an asset. For some, that realization came creeping along the path from young teenage FOSS activists in the late 1990s to CIOs of BigCorp today. For most of us, I expect, it was the increasingly crushing workload of maintaining legacy code bases...

Monday Boeing announced plans to acquire its key supplier, Spirit AeroSystems, for $4.7 billion, according to the Associated Press — "a move that it says will improve plane quality and safety amid increasing scrutiny by Congress, airlines and the Department of Justice. Boeing previously owned Spirit, and the purchase would reverse a longtime Boeing strategy of outsourcing key work on its passenger planes."

But meanwhile, an anonymous reader shared this report from Newsweek: More than a hundred Boeing whistleblowers have contacted the U.S. aviation watchdog since the start of the year, Newsweek can reveal. Official figures show that the Federal Aviation Administration's (FAA) whistleblowing hotline has seen a huge surge of calls from workers concerned about safety problems. Since January the watchdog saw a total of 126 reports, via various channels, from workers concerned about safety problems. In 2023, there were just 11....

After a visit from FAA Administrator Mike Whitaker to a Boeing factory earlier in the year, Boeing CEO Dave Calhoun agreed to share details of the hotline with all Boeing employees. The FAA told Newsweek that the number of Boeing employees coming forward was a "sign of a healthy culture".... Newsweek also spoke to Jon Holden, president of the 751 District for the International Association of Machinists, Boeing's largest union which represents more than 32,000 aerospace workers. Holden said that numerous whistleblowers had complained to the FAA over Boeing's attempt to cut staff and reduce inspections in an effort to "speed up the rate" at which planes went out the door...

Holden's union is currently in contract negotiations with Boeing, and is attempting to secure a 40% pay rise alongside a 50-year guarantee of work security for its members.
CNN also reports on new allegations Wednesday from a former Boeing quality-control manager: that "for years workers at its 787 Dreamliner factory in Everett, Washington, routinely took parts that were deemed unsuitable to fly out of an internal scrap yard and put them back on factory assembly lines." In his first network TV interview, Merle Meyers, a 30-year veteran of Boeing, described to CNN what he says was an elaborate off-the-books practice that Boeing managers at the Everett factory used to meet production deadlines, including taking damaged and improper parts from the company's scrapyard, storehouses and loading docks... Meyers' claims that lapses he witnessed were intentional, organized efforts designed to thwart quality control processes in an effort to keep up with demanding production schedules. Beginning in the early 2000s, Meyers says that for more than a decade, he estimates that about 50,000 parts "escaped" quality control and were used to build aircraft. Those parts include everything from small items like screws to more complex assemblies like wing flaps. A single Boeing 787 Dreamliner, for example, has approximately 2.3 million parts...

Based on conversations Meyers says he had with current Boeing workers in the time since he left the company, he believes that while employees no longer remove parts from the scrapyard, the practice of using other unapproved parts in assembly lines continues. "Now they're back to taking parts of body sections — everything — right when it arrives at the Everett site, bypassing quality, going right to the airplane," Meyers said.

Company emails going back years show that Meyers repeatedly flagged the issue to Boeing's corporate investigations team, pointing out what he says were blatant violations of Boeing's safety rules. But investigators routinely failed to enforce those rules, Meyers says, even ignoring "eye witness observations and the hard work done to ensure the safety of future passengers and crew," he wrote in an internal 2022 email provided to CNN.

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."

"Images captured from space show the growth of Cuba's electronic eavesdropping stations," reported the Wall Street Journal this week, citing a new report from the Center for Strategic and International Studies, a Washington-based think tank.

But they added that the stations "are believed to be linked to China," including previously-unreported construction about 70 miles from the U.S. naval base at Guantanamo Bay. (The Journal had previously reported China and Cuba were "negotiating closer defense and intelligence ties, including establishing a new joint military training facility on the island and an eavesdropping facility.") At the time, the Journal reported that Cuba and China were already jointly operating eavesdropping stations on the island, according to U.S. officials, who didn't disclose their locations. It couldn't be determined which, if any, of those are included in the sites covered by the CSIS report.

The concern about the stations, former officials and analysts say, is that China is using Cuba's geographical proximity to the southeastern U.S. to scoop up sensitive electronic communications from American military bases, space-launch facilities, and military and commercial shipping. Chinese facilities on the island "could also bolster China's use of telecommunications networks to spy on U.S. citizens," said Leland Lazarus, an expert on China-Latin America relations at Florida International University... Authors of the CSIS report, after analyzing years' worth of satellite imagery, found that Cuba has significantly upgraded and expanded its electronic spying facilities in recent years and pinpointed four sites — at Bejucal, El Salao, Wajay and Calabazar... "These are active locations with an evolving mission set," said Matthew Funaiole, a senior follow at CSIS and the report's chief author.
The CSIS web site shows some of the satellite images. "Pinpointing the specific targets of these assets is nearly impossible," they add — but since Cuba has no space program, "the types of space-tracking capabilities observed are likely intended to monitor the activities of other nations (like the United States) with a presence in orbit." While China's own satellites could also benefit from a North America-based groundstation for communications, the Cuban facilities "would also provide the ability to monitor radio traffic and potentially intercept data delivered by U.S. satellites as they pass over highly sensitive military sites across the southern United States."

The think tank points out that one possibly-installed system would be within range to monitor rocket launches from Cape Canaveral and NASA's Kennedy Space Center. "Studying these launches — particularly those of SpaceX's Falcon 9 and Falcon Heavy reusable first-stage booster rocket systems — is likely of keen interest to China as it attempts to catch up to U.S. leadership in space launch technology."

General Motors will pay nearly $146 million in penalties to the U.S. government, reports the Associated Press, "because 5.9 million of its older vehicles do not comply with emissions and fuel economy standards." The National Highway Traffic Safety Administration said in a statement Wednesday that certain GM vehicles from the 2012 through 2018 model years did not comply with federal fuel economy requirements. The penalty comes after the Environmental Protection Agency said its testing showed the GM pickup trucks and SUVs emit over 10% more carbon dioxide on average than GM's initial compliance testing claimed.

The EPA says the vehicles will remain on the road and cannot be repaired. The GM vehicles on average consume at least 10% more fuel than the window sticker numbers say, but the company won't be required to reduce the miles per gallon on the stickers, the EPA said... GM said in a statement that it complied with all regulations in pollution and mileage certification of its vehicles. The company said it is not admitting to any wrongdoing nor that it failed to comply with the Clean Air Act...

The enforcement action involves about 4.6 million full-size pickups and SUVs and about 1.3 million midsize SUVs, the EPA said. The affected models include the Chevy Tahoe, Cadillac Escalade and Chevy Silverado. About 40 variations of GM vehicles are covered. GM will be forced to give up credits used to ensure that manufacturers' greenhouse gas emissions are below the fleet standard for emissions that applies for that model year, the EPA said. In a quarterly filing with the Securities and Exchange Commission, GM said it expects the total cost to resolve the matter will be $490 million. Because GM agreed to address the excess emissions, EPA said it was not necessary to make a formal determination regarding the reasons for the excess pollution.
According to the article, David Cooke, senior vehicles analyst for the Union of Concerned Scientists, "said it's possible that GM owners could sue the company because they are getting lower gas mileage than advertised."

The article also notes that in 2014, Hyundai and Kia "entered into a settlement in which they had to pay a $100 million civil penalty to end a two year investigation into overstated gas mileage on window stickers of 1.2 million vehicles."

Longtime Slashdot reader Artem S. Tashkinov shares a report from The Hacker News: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing. It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites. In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim. The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.

Nvidia is expected to earn $12 billion from GPU sales to China in 2024, despite U.S. trade restrictions. Research firm SemiAnalysis says the GPU maker will ship over 1 million units of its new H20 model to the Chinese market, "with each one said to cost between $12,000 and $13,000 apiece," reports The Register. From the report: This figure is said by SemiAnalysis to be nearly double what Huawei is likely to sell of its rival accelerator, the Ascend 910B, as reported by The Financial Times. If accurate, this would seem to contradict earlier reports that Nvidia had moved to cut the price of its products for the China market. This was because buyers were said to be opting instead for domestically made kit for accelerating AI workloads. The H20 GPU is understood to be the top performing model out of three Nvidia GPUs specially designed for the Chinese market to comply with rules introduced by the Biden administration last year that curb performance.

In contrast, Huawei's Ascend 910B is claimed to have performance on a par with that of Nvidia's A100 GPU. It is believed to be an in-house design manufactured by Chinese chipmaker SMIC using a 7nm process technology, unlike the older Ascend 910 product. If this forecast proves accurate, it will be a relief for Nvidia, which earlier disclosed that its sales in China delivered a "mid-single digit percentage" of revenue for its Q4 of FY2024, and was forecast to do the same in Q1 of FY 2025. In contrast, the Chinese market had made up between 20 and 25 percent of the company's revenue in recent years, until the export restrictions landed.

An anonymous reader quotes a report from TorrentFreak: With dozens of millions of monthly visits, Animeflix positioned itself as one of the most popular anime piracy portals. The site also has an active Discord community of around 35k members, who actively participate in discussions, art competitions, even a chess tournament. While rightsholders take no offense at these side-projects, the site's core business was streaming pirated videos. That hasn't gone unnoticed; last December Animeflix was listed as one of the shutdown targets of anti-piracy coalition ACE.

Whether these early enforcement efforts were responsible for the site's closure is unclear. In May, rightsholders increased the pressure through the High Court of India, obtaining a broad injunction that effectively suspended Animeflix's main domain name; Animeflix.live. This follow-up action didn't seem to hurt the site too much. It simply moved to new domains, Animeflix.gg and Animeflix.li, informing its users that the old domain name had become "unavailable." Yesterday, the site became unreachable again, initially returning a Cloudflare error message. This time, the domain wasn't the problem but, for reasons unknown, the team decided to shut down the site without prior notice.

"It is with a heavy heart that we announce the closure of Animeflix. After careful consideration, we have decided to shut down our service effective immediately. We deeply appreciate your support and enthusiasm over the years." "Thank you for being a part of our journey. We hope the joy and excitement of anime continue to brighten your days through other wonderful platforms," the Animeflix team adds. The Animeflix team doesn't provide any insight into its reasoning, but it's clear that keeping a site like that online isn't without challenges. And, when a pirate site shuts down, voluntarily or not, copyright issues typically play a role. It's clear that rightsholders were keeping an eye on the site, and were actively seeking out options to take it offline. That might have played a role in the shutdown decision but without more information from the team, we can only speculate.

An anonymous reader quotes a report from Ars Technica: More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren't natively supported. By linking to cdn.polyfill[.]io, websites could ensure that devices using legacy browsers could render content in newer formats. The free service was popular among websites because all they had to do was embed the link in their sites. The code hosted on the polyfill site did the rest. In February, China-based company Funnull acquired the domain and the GitHub account that hosted the JavaScript code. On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

The revelation prompted industry-wide calls to take action. Two days after the Sansec report was published, domain registrar Namecheap suspended the domain, a move that effectively prevented the malicious code from running on visitor devices. Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites. Google blocked ads for sites embedding the Polyfill[.]io domain. The website blocker uBlock Origin added the domain to its filter list. And Andrew Betts, the original creator of Polyfill.io, urged website owners to remove links to the library immediately. As of Tuesday, exactly one week after malicious behavior came to light, 384,773 sites continued to link to the site, according to researchers from security firm Censys. Some of the sites were associated with mainstream companies including Hulu, Mercedes-Benz, and Warner Bros. and the federal government. The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.

Airlines in Europe will be forced to raise prices to fund the cost of cutting carbon emissions, the boss of British Airways owner IAG said. From a report: Luis Gallego told the Financial Times that switching to cleaner, more expensive sustainable fuel would "have a big impact" on the industry [the link may be paywalled] and put some people off flying. "Flying is going to be more expensive. That is an issue, we are trying to improve efficiency to mitigate that, but it will have an impact on demand," he said. He added that European airlines could become less competitive because of the bloc's tough net zero targets, which include a requirement for 6 per cent of jet fuel to be from sustainable sources by 2030.

"We agree with decarbonisation ... but I think we need to do it in a consistent way worldwide not to jeopardise European aviation," Gallego said. Sustainable aviation fuel (SAF) is made from a range of non-fossil fuel sources, from waste cooking oil to crops, and can emit 70 per cent less carbon dioxide than traditional jet fuel. But very little of it is being produced -- less than 1 per cent of total aviation fuel consumption last year was from sustainable sources -- meaning it is far more expensive than jet fuel. IAG itself used 12 per cent of the world's SAF last year across its five airlines, which include British Airways, Iberia and Aer Lingus.

Google is intensifying efforts to decrease its dependency on Apple's Safari browser, as a U.S. antitrust lawsuit threatens its default search engine status on iPhones. The tech giant has been trying to shift more iPhone searches to its own apps, with the percentage rising from 25% five years ago to the low 30s recently, The Information reported Friday.

Progress has stalled in recent months, however. To attract users, Google has run advertising campaigns showcasing unique features like Lens image search. The company recently hired former Instagram executive Robby Stein to lead this initiative, potentially leveraging AI to enhance its apps' appeal. Google paid Apple over $20 billion last year for default status on Safari. Reducing this dependency could protect Google's mobile search advertising revenue if the antitrust ruling goes against it. The report adds: Google executives considered having its new AI Overviews feature, which shows AI-generated responses to search queries, appear on its mobile apps but not on Safari, people who have worked on the product said. But Google ultimately decided against that move.

An anonymous reader shares a report: Generative AI could "distort collective understanding of socio-political reality or scientific consensus," and in many cases is already doing that, according to a new research paper from Google, one of the biggest companies in the world building, deploying, and promoting generative AI. The paper, "Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data," [PDF] was co-authored by researchers at Google's artificial intelligence research laboratory DeepMind, its security think tank Jigsaw, and its charitable arm Google.org, and aims to classify the different ways generative AI tools are being misused by analyzing about 200 incidents of misuse as reported in the media and research papers between January 2023 and March 2024.

Unlike self-serving warnings from Open AI CEO Sam Altman or Elon Musk about the "existential risk" artificial general intelligence poses to humanity, Google's research focuses on real harm that generative AI is currently causing and could get worse in the future. Namely, that generative AI makes it very easy for anyone to flood the internet with generated text, audio, images, and videos. Much like another Google research paper about the dangers of generative AI I covered recently, Google's methodology here likely undercounts instances of AI-generated harm. But the most interesting observation in the paper is that the vast majority of these harms and how they "undermine public trust," as the researchers say, are often "neither overtly malicious nor explicitly violate these tools' content policies or terms of service." In other words, that type of content is a feature, not a bug.

MattSparkes writes: Secret international discussions have resulted in governments across the world imposing identical export controls on quantum computers, while refusing to disclose the scientific rationale behind the regulations. Although quantum computers theoretically have the potential to threaten national security by breaking encryption techniques, even the most advanced quantum computers currently in public existence are too small and too error-prone to achieve this, rendering the bans seemingly pointless.

The UK is one of the countries that has prohibited the export of quantum computers with 34 or more quantum bits, or qubits, and error rates below a certain threshold. The intention seems to be to restrict machines of a certain capability, but the UK government hasn't explicitly said this. A New Scientist freedom of information request for a rationale behind these numbers was turned down on the grounds of national security. France has also introduced export controls with the same specifications on qubit numbers and error rates, as has Spain and the Netherlands. Identical limits across European states might point to a European Union regulation, but that isn't the case. A European Commission spokesperson told New Scientist that EU members are free to adopt national measures, rather than bloc-wide ones, for export restrictions.

New Scientist reached out to dozens of nations to ask what the scientific basis for these matching legislative bans on quantum computer exports was, but was told it was kept secret to protect national security.

Half of the Netherlands' petrol stations are set to close in the next five to 10 years as electric cars start to take over the market, according to ING Research. From a report: The bank's economists say there will be insufficient earnings in future, with only some 2,000 of today's 4,131 gas stations remaining. "It is mainly the small, unmanned petrol stations that will disappear," says ING Research, as reported in De Telegraaf. [...]

Owners are trying to maintain turnover by increasing their sales of food and beverages, maintenance services and even car washing, ING says. But the long-term business model of independent stations will be difficult to maintain. "A quick calculation shows how long petrol station owners can still sell petrol," Dirk Mulder, Trade & Retail sector banker at ING Research, said. "A new car remains in the Dutch fleet for an average of 19 years. The last petrol and diesel cars will come onto the market in 2034 and will stay on the road until approximately 2053."