The Verge was part of "a handful" of journalists invited to Los Angeles to tour TikTok's new "Transparency and Accountability Center.... part of a multi-week press blitz by TikTok to push Project Texas, a novel proposal to the US government that would partition off American user data in lieu of a complete ban." TikTok says it has already taken thousands of people and over $1.5 billion to create Project Texas. The effort involves TikTok creating a separate legal entity dubbed USDS with an independent board from ByteDance that reports directly to the US government. More than seven outside auditors, including Oracle, will review all data that flows in and out of the US version of TikTok. Only American user data will be available to train the algorithm in the US, and TikTok says there will be strict compliance requirements for any internal access to US data. If the proposal is approved by the government, it will cost TikTok an estimated $700 million to $1 billion per year to maintain.....

At one point during the tour, I tried asking what would hypothetically happen if, once Project Texas is greenlit, a Bytedance employee in China makes an uncomfortable request to an employee in TikTok's US entity. I was quickly told by a member of TikTok's PR team that the question wasn't appropriate for the tour.
Other notes from the tour:

• The journalists weren't allowed to enter a special server room "housing the app's source code for outside auditors to review."

• A room that explained TikTok's algorithm using iMacs running "code simulators" was "frustratingly vague"

• "Despite it being called a transparency center, TikTok's PR department made everyone agree to not quote or directly attribute comments made by employees leading the tour."

The Verge ultimately concludes TikTok's Transparency and Accountability Center is "a lot of smoke and mirrors designed to give the impression that it really cares."

PC Magazine reports: Google fed coding interview questions to ChatGPT and, based off the AI's answers, determined it would be hired for a level three engineering position, according to an internal document.... And while level three is considered an entry-level position on the engineering team at Google, average total compensation for the job is about $183,000....

When PCMag asked ChatGPT if it would ever replace software engineers, it wasn't convinced. "No, ChatGPT will not replace software engineers," the AI responded. "ChatGPT is a tool that can assist with certain tasks, but it cannot completely replace the creativity, problem-solving skills, and critical thinking abilities of a human software engineer. Additionally, ChatGPT requires human supervision and direction to operate effectively."

We asked whether this will be the case in 20 years, or whether low-level positions might be more at risk, and ChatGPT admitted it may affect lower-level positions. But it reiterated it will never be a full replacement, but rather a tool to assist human software engineers.
Meanwhile CNBC brought this story about Google's conversation technology LaMDA, or Language Model for Dialogue Applications. "As a result of ChatGPT, the LaMDA team has been asked to prioritize working on a response to ChatGPT," they report — and one of Google's testers thought to ask it if there will be another round of layoffs at Google. "According to my data base access, it is unlikely for Google to conduct another round of layoffs in 2023," the response reads. "Layoffs are generally conducted to reduce costs and structure, but the company is doing well financially. In fact, Google's revenue increased by 34% in 2021, and the company's stock price has risen by 70% since January 2022."
Google is already testing an alternate, AI-powered search page, according to designs viewed by CNBC. "When a question is entered, the search results show a gray bubble directly under the search bar, offering more human-like responses than typical search results." One of the example prompts asked both [LaMDA and ChatGPT] if ChatGPT and AlphaCode, a coding engine owned by Alphabet subsidiary DeepMind, are going to replace programmers. "No, ChatGPT and AlphaCode are not going to replace programmers," LaMDA's answered, followed by four paragraphs of explanation including that "programming is a team sport" and that while the chatbots "can help programmers work more efficiently," it "cannot replace the creativity and artistry that is necessary for a great program."

ChatGPT's response was similar, stating "It is unlikely that ChatGPT or Alphacode will replace programmers" because they are "not capable of fully replacing the expertise and creativity of human programmers...programming is a complex field that requires a deep understanding of computer science principles and the ability to adapt to new technologies."

Neowin reports on "a potentially dangerous exploit capable of completely unenrolling enterprise-managed Chromebooks from their respective organizations" called SH1MMER.

The Register explains where the name came from — and how it works: A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs. With a shim that has been processed and patched, managed Chromebooks can be booted from a suitably prepared recovery drive in a way that allows the device setup to be altered via the SH1MMER recovery screen menu....

In a statement provided to The Register, a Google spokesperson said, "We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it."
"Google added that it will keep the community closely updated when it ships out a fix," reports SC Magazine, "but did not specify a timetable." "What we're talking about here is jailbreaking a device," said Mike Hamilton, founder and chief information security office of Critical Insight, and a former CISO for the city of Seattle who consults with many school districts. "For school districts, they probably have to be concerned about a tech-savvy student looking to exercise their skills...."

Hamilton said Google will need to modify the firmware on the Chromebooks. He said they have to get the firmware to check for cryptographic signatures on the rest of the authorization functions, not just the kernel functions — "because that's where the crack is created to exploit it. I think Google will fix this quickly and schools need to develop a policy on jailbreaking your Chromebook device and some kind of penalty for that to make it real," said Hamilton. "Schools also have to make sure they can detect when a device goes out of policy. The danger here is if a student does this and there's no endpoint security and the school doesn't detect it and lock out the student, then some kind of malware could be introduced. I'm not going to call this a 'nothingburger,' but I'd be very surprised if it showed up at any scale."
Thanks to Slashdot reader segaboy81 for submitting the story.

The New York Post reports: Facebook can secretly drain its users' cellphone batteries, a former employee contends in a lawsuit.

The practice, known as "negative testing," allows tech companies to "surreptitiously" run down someone's mobile juice in the name of testing features or issues such as how fast their app runs or how an image might load, according to data scientist George Hayward. "I said to the manager, 'This can harm somebody,' and she said by harming a few we can help the greater masses," said Hayward, 33, who claims in a Manhattan Federal Court lawsuit that he was fired in November for refusing to participate in negative testing....

Killing someone's cellphone battery puts people at risk, especially "in circumstances where they need to communicate with others, including but not limited to police or other rescue workers," according to the litigation filed against Facebook's parent company, Meta Platforms. "I refused to do this test," he said, adding, "It turns out if you tell your boss, 'No, that's illegal,' it doesn't go over very well." Hayward was hired in October 2019 for a six-figure gig.

He said he doesn't know how many people have been impacted by Facebook's negative testing but believes the company has engaged in the practice because he was given an internal training document titled, "How to run thoughtful negative tests," which included examples of such experiments being carried out. "I have never seen a more horrible document in my career," he said....

The lawsuit, which sought unspecified damages, has since been withdrawn because Hayward is required to go to arbitration, said the lawyer, who said Hayward stands by the allegations.
Thanks to long-time Slashdot reader WankerWeasel for sharing the article.

CNN reports: The US military used fighter jets from Langley Air Force Base in Virginia to take down the suspected Chinese spy balloon at 2:39 p.m. ET on Saturday, according to a senior US military official. A single missile was used, the official said....

President Joe Biden said the mission to shoot down a suspected Chinese spy balloon off the East Coast Saturday was successful, and that he had ordered the Pentagon to knock the aircraft out of the sky as soon as it was safe to do so. "On Wednesday when I was briefed on the balloon, I ordered the Pentagon to shoot it down — on Wednesday — as soon as possible," the president told reporters in Hagerstown, Maryland. "They decided, without doing damage to anyone on the ground, they decided that the best time to do that was as it got over water ... within a 12-mile limit. They successfully took it down and I want to compliment our aviators who did it," the president added.

Asked if that was a recommendation from his national security team, Biden reiterated: "I told them to shoot it down. They said to me, 'Let's wait for the safest place to do it....'"

U.S. Secretary of Defense Lloyd Austin said the balloon was being used by the Chinese government "to surveil strategic sites in the continental United States."

That Chinese spy balloon floating over the continental U.S. "generated deep concern," reports the New York Times — "in part because it came on the heels of a classified report to Congress that outlined incidents of American adversaries potentially using advanced technology to spy on the country.

"The classified report to Congress last month discussed at least two incidents of a rival power conducting aerial surveillance with what appeared to be unknown cutting-edge technology, according to U.S. officials." While the report did not attribute the incidents to any country, two American officials familiar with the research said the surveillance probably was conducted by China.

The report on what the intelligence agencies call unidentified aerial phenomena focused on several incidents believed to be surveillance. Some of those incidents have involved balloons, while others have involved quadcopter drones.... U.S. defense officials believe China is conducting surveillance of military training grounds and exercises as part of an effort to better understand how America trains its pilots and undertakes complex military operations. The sites where unusual surveillance has occurred include a military base in the United States and a base overseas, officials said. The classified report mentioned Naval Air Station Fallon in Nevada and Marine Corps Air Station Iwakuni in Japan as sites where foreign surveillance was believed to have occurred, but did not explicitly say China had been behind the actions, a U.S. official said.

Since 2021, the Pentagon has examined 366 incidents that were initially unexplained and said 163 were balloons. A handful of those incidents involved advanced surveillance balloons, according to a U.S. official, but none of them were conducting persistent reconnaissance of the U.S. military bases. (However, spy balloons that the U.S. government immediately identifies are not included in the unidentified aerial phenomenon tracking, according to two U.S. officials.) Because spy balloons are relatively basic collection devices and other balloons have not lingered long over U.S. territory, they previously have not generated much concern with the Pentagon or intelligence agencies, according to two officials.

The surveillance incidents involving advanced technology and described in the classified report were potentially more troubling, involving behaviors and characteristics that could not be explained. Officials said that further investigation was needed but that the incidents could potentially indicate the use of technology that was not fully understood or publicly identified. Of the 171 reports that have not been attributed to balloons, drones or airborne trash, some "appear to have demonstrated unusual flight characteristics or performance capabilities, and require further analysis."

Long-time Slashdot reader penciling_in shared this special report from CircleID: Vinton Cerf, widely known as the 'Father of the Internet,' has been awarded the IEEE Medal of Honor in 2023 for his contributions to the development of the Internet architecture and for his leadership in its growth as a critical infrastructure for society.

In 1974, Robert Kahn and Cerf, who was working as program manager at the U.S. Defense Advanced Research Projects Agency (DARPA) Information Processing Techniques Office, jointly designed the Transmission Control Protocol and the Internet Protocol. Together they make up the Internet's core architecture and enable computers to connect and exchange traffic....

Since 2005, Cerf has been vice president and chief Internet evangelist at Google in Reston, Va., promoting the usage of the Internet for the benefit of the public. Cerf is also in charge of locating new technologies and creating policies that assist the production of Internet-based products and services.
IEEE Spectrum shares this quote from one of the endorsers of the award. "Cerf's tireless commitment to the Internet's evolution, improvement, oversight, and evangelism throughout its history has made an indelible impact on the world. It is largely due to his efforts that we even have the Internet, which has changed the way society lives.

Longtime Slashdot reader Dotnaught writes: "Google's Chromium developers have begun work on an experimental web browser for Apple's iOS using the search giant's Blink engine," reports The Register. "That's unexpected because the current version of Chrome for iOS uses Apple's WebKit rendering engine under the hood. Apple requires every iOS browser to use WebKit and its iOS App Store Review Guidelines state, 'Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript.'"

Google insists this is an experiment and isn't intended for release. But the stripped-down, Blink-based browser could be preparation for European competition rules that look like they will require Apple to stop requiring that other browser makers use its WebKit engine. "This is an experimental prototype that we are developing as part of an open source project with the goal to understand certain aspects of performance on iOS," said a Google spokesperson. "It will not be available to users and we'll continue to abide by Apple's policies."

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports: The Dashlane Android app code is available now alongside the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn't specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase "fully open source," but in response to a handful of questions posed by TechCrunch, it appears that won't in fact be the case.

At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too --" however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it's for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. [...]

"The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application," the company wrote. "Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code." On top of that, the company says that a benefit of releasing its code is to perhaps draw-in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called "white-hat hackers" will now be better equipped to earn bug bounties. "Transparency and trust are part of our company values, and we strive to reflect those values in everything we do," Dashlane continued. "We hope that being transparent about our code base will increase the trust customers have in our product."

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries. Ars Technica reports: "Threat researchers are used to seeing a moderate flow of malvertising via Google Ads," volunteers at Spamhaus wrote on Thursday. "However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not "the norm.'"

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts' data and other sensitive information from infected devices. The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap. "Until Google devises new defenses, the decoy domains and other obfuscation techniques remain an effective way to conceal the true control servers used in the rampant MalVirt and other malvertising campaigns," concludes Ars. "It's clear at the moment that malvertisers have gained the upper hand over Google's considerable might."

Meta's stock surged on Thursday after the company reported better-than-expected earnings, said it would buy back billions of dollars in its stock, and overcame a court challenge to its ambitions in the so-called metaverse. The New York Times reports: Shares of the tech giant, the owner of Facebook, Instagram and WhatsApp, climbed more than 23 percent, its biggest daily gain in nearly 10 years. And it was a huge move for a company its size, adding nearly $100 billion in market value in a single day, or about as much as Citigroup's entire market capitalization.

After ending last year with a loss of more than 60 percent, Meta's stock is up more than 50 percent this year, as the mood among tech investors has brightened. The Nasdaq Composite, an index that includes many tech companies, including Meta, has risen nearly 20 percent this year. The report notes that plenty of challenges remain for the company. "Meta faces setbacks in digital advertising as clients rein in spending because of higher interest rates and inflation," reports The New York Times. "The company is also fighting to retain users drawn to newer apps like TikTok, the short-form video app that Mr. Zuckerberg considers one of his most formidable rivals. The billions that Meta is spending pursuing its founder's vision of the metaverse may not pay off."

In November, Meta laid off more than 11,000 employees in what was the most significant job cuts since its founding in 2004.

Pakistan has blocked Wikipedia services in the South Asian nation after the platform failed to remove "sacrilegious" content. From a report: The action was taken because some of the content is still available on Wikipedia after the expiry of a 48-hour deadline, Malahat Obaid, spokesperson for Pakistan Telecommunication Authority, said by phone.

Next week Google is hosting what can only be described as an "emergency" event. From a report: According to an invite sent to The Verge, the event will revolve around "using the power of AI to reimagine how people search for, explore and interact with information, making it more natural and intuitive than ever before to find what you need" -- in other words, Google's going to fire up its photocopier and stick OpenAI's ChatGPT onto the platen. The 40 minute event will, of course, be live on YouTube on February 8.

Google's parent company, Alphabet, had its earnings call yesterday, and Google/Alphabet CEO Sundar Pichai promised that "very soon people will be able to interact directly with our newest, most powerful language models as a companion to Search in experimental and innovative ways." Earlier this year the company declared a "code red" over the meteoric rise of ChatGPT and even dragged co-founders Larry Page and Sergey Brin out of retirement to help.

New Netflix rules that would have enforced a limitation on users' sharing passwords are reportedly a mistake and don't apply in the US -- for now. From a report: Netflix has long been planning to cut down on password sharing, or letting friends share one paid account. The company appeared to go further, however, with the inclusion in its help pages of a new set of rules.

Broadly, anyone at a subscriber's physical address could continue using the service. But the paying subscriber would have to confirm every 31 days that a user away from their residence -- such as at college -- was part of the household. According to The Streamable, Netflix says it was all a mistake -- for the United States. "For a brief time yesterday, a help center article containing information that is only applicable to Chile, Costa Rica, and Peru, went live in other countries," a Netflix spokesperson told the publication. "We have since updated it."

The Federal Trade Commission is preparing a potential antitrust lawsuit against Amazon that in the coming months could challenge an array of the tech giant's business practices as anticompetitive, WSJ reported Friday, citing people familiar with the matter. From the report: The timing of any case remains in flux, some of the people said. The commission also could opt not to proceed, and doesn't always bring cases even when it is making preparations to do so. Amazon officials haven't had individual late-stage meetings with each of the FTC commissioners to make their arguments against a legal challenge, those people said.

The commission in recent years has been examining Amazon practices including whether it favors its own products over competitors' on its platforms and how it treats outside sellers on Amazon.com, according to some of the people familiar with the matter. The FTC also has been scrutinizing the company's Amazon Prime subscription service's bundling practices, some of the people said. Exactly which aspects of the business the FTC would target in a potential Amazon lawsuit couldn't be learned. Amazon and the FTC declined to comment.

Google has invested about $300mn in artificial intelligence startup Anthropic, making it the latest tech giant to throw its money and computing power behind a new generation of companies trying to claim a place in the booming field of "generative AI." From the report: The terms of the deal, through which Google will take a stake of around 10 per cent, requires Anthropic to use the money to buy computing resources from the search company's cloud computing division, according to three people familiar with the arrangement. Google's move highlights the influence that a small number of Big Tech companies have assumed over other companies working on AI, which need access to cloud computing platforms to handle the giant AI models developed by groups such as Anthropic. The search company's investment also echoes the $1bn cash-for-computing investment that Microsoft made in OpenAI three years ago.

Ryan Grewell, who runs a small wireless Internet service provider in Ohio, last month received an email that confirmed some of his worst suspicions about cable companies. From a report: Grewell, founder and general manager of Smart Way Communications, had heard from some of his customers that the Federal Communications Commission's new broadband map falsely claimed fiber Internet service was available at their homes from another company called Jefferson County Cable. Those customer reports spurred Grewell to submit a number of challenges to the FCC in an attempt to correct errors in Smart Way's service area.

One of Grewell's challenges elicited a response from Jefferson County Cable executive Bob Loveridge, who apparently thought Grewell was a resident at the challenged address rather than a competitor. "You challenged that we do not have service at your residence and indeed we don't today," Loveridge wrote in a January 9 email that Grewell shared with Ars. "With our huge investment in upgrading our service to provide xgpon we reported to the BDC [Broadband Data Collection] that we have service at your residence so that they would not allocate addition [sic] broadband expansion money over [the] top of our private investment in our plant."

The email is reminiscent of our November 2022 article about a cable company accidentally telling a rival about its plan to block government grants to competitors. Speaking to Ars in a phone interview, Grewell said, "This cable company happened to just say the quiet part out loud." He called it "a blatant attempt at blocking anyone else from getting funding in an area they intend to serve." It's not clear when Jefferson County Cable plans to serve the area. Program rules do not allow ISPs to claim future coverage in their map submissions. Jefferson County Cable ultimately admitted to the FCC that it filed incorrect data and was required to submit a correction. The challenge that the ISP conceded was for an address on State Route 43 in Bergholz, Ohio. The town is not one of the coverage areas listed on Jefferson County Cable's website.

An anonymous reader shares a report: BMW i4 owner was rightfully puzzled when their car flashed a strange alert on the screen, saying its parking spot was "too steep" to perform an over-the-air software upgrade. How does that happen? And why is it a problem in the first place? As Clare Eliza found out, it simply isn't possible to remotely update any of the i4's software if the car isn't parked on flat ground. And instead of allowing the operator to override this, it will wait until you physically move it somewhere more level to continue. As it turns out, BMW doesn't have one singular reason why the vehicle can't perform this task on an incline. Rather, the limitation is there as a safety blanket.

"The vehicle has all sorts of sensors (pitch, yaw, lateral and longitudinal acceleration and deceleration, etc.) that allow it to understand its orientation, so it knows when it's on an incline," a BMW spokesperson told The Drive. "It's likely a catchall, every-worst-case-no-matter-how-unlikely scenario safety precaution to try to prevent any chance of the vehicle moving should the programming be interrupted or go wrong." Essentially, it's there just in case something unexpected happens; it's better to plan for the worst, after all.

"A Chinese spy balloon is floating over the continental United States," writes Slashdot reader q4Fry. "As it headed over Montana, 'civilian flights in the area were halted and U.S. military aircraft, including advanced F-22 fighter jets, were put in the air.'" The Washington Post reports: The balloon's flight path takes it over "a number of sensitive sites," the senior [Pentagon] official said, but it appears it does not have the ability collect information that is "over and above" other tools at China's disposal, like low-orbit satellites. Nevertheless, the Pentagon is taking undisclosed "mitigation steps" to prevent Beijing from gathering additional intelligence.

"We put some things on station in the event that a decision was made to bring this down," the official said. "So we wanted to make sure we were coordinating with civil authorities to empty out the airspace around that potential area. But even with those protective measures taken, it was the judgment of our military commanders that we didn't drive the risk down low enough. So we didn't take the shot." "The US believes Chinese spy satellites in low Earth orbit are capable of offering similar or better intelligence, limiting the value of whatever Beijing can glean from the high-altitude balloon, which is the size of three buses," reports CNN, citing a defense official.

"It does not create significant value added over and above what the PRC is likely able to collect through things like satellites in low Earth orbit," the senior defense official said. Nevertheless, House Speaker Kevin McCarthy called for a briefing of the "Gang of Eight" -- the group of lawmakers charged with reviewing the nation's most sensitive intelligence information.

Nostr, a startup decentralized social network, got its Twitter-like Damus application listed on Apple's App Store. CoinDesk reports: Nostr is an open protocol that aims to create a censorship-resistant global social network. Media commentators have described it as a possible alternative to Elon Musk's Twitter. According to an article in Protos, Nostr is popular with bitcoiners partly because most implementations of it support payments over Bitcoin's Lightning Network.

Former Twitter CEO Jack Dorsey, who last year donated roughly 14 BTC (worth $245,000 at the time) to fund Nostr's development, hailed the debut of Damus on Apple's App Store as a "milestone for open protocols," in a tweet posted late Tuesday. As of press time, the tweet had been viewed 2.1 million times. According to the Nostr website, Damus is one of several Nostr projects, including Anigma, a Telegram-like chat; Nostros, a mobile client; and Jester, a chess application. You can download the iOS app here.