The Linkielist

Linking ideas with the world


Amazon Is Making It Harder to Move Your E-Books Around

Amazon is once again demonstrating that buying things in today’s world does not mean you actually own them. The company is closing a loophole that enabled owners of Kindle books to strip them of their anti-piracy protection and take them elsewhere.

Some avid digital book enthusiasts prefer other e-reading applications to Amazon’s Kindle—perhaps because another e-reader has a better color screen or other features not present on Kindle. The “Download & transfer via USB” tool was an old Kindle feature that allowed e-books purchased through Amazon to be downloaded and transferred to another Kindle without using WiFi or Bluetooth. Clever individuals found that some older e-books used a file format with security measures that are easy to circumvent, meaning they could use the tool alongside other hacks to successfully transfer their books elsewhere. Now, books purchased through Amazon are effectively stuck there.

[…]

A standard security format would enable books to be transferred while protecting copyrights, but Amazon does not have an incentive to go with that.

That has, of course, been great for Amazon. The company was early into the e-book industry and the Kindle is synonymous with e-books; it accounts for 70% of the market. If you have a large collection of books you have purchased on Kindle, you kind of have to stay in its ecosystem. Furthermore, some books are only available on Amazon’s marketplace, and the company will always match the price of competing marketplaces since it really makes its money off the ads littering the site these days. While Amazon does have a monopoly in digital books, it would likely argue it is not a monopoly in the broader book category as Barnes and Noble sees a resurgence in popularity.

Users on sites like Reddit have shared workarounds over the years to take their purchased books elsewhere, but it has been something of a cat-and-mouse game, with successive updates by Amazon closing loopholes.

[…]

Source: Amazon Is Making It Harder to Move Your E-Books Around

Brake pad dust can be more toxic than exhaust emissions, study says

Microscopic particles emitted from brake pads can be more toxic than those emitted in diesel vehicle exhaust, a study has found.

This research shows that even with a move to electric vehicles, pollution from cars may not be able to be eradicated.

The researchers found that a higher concentration of copper in some commonly used brake pads was associated with increased harmful effects on sensitive cells from people’s lungs, as a result of particles being breathed in.

Exposure to pollution generated by cars, vans and lorries has previously been linked to an increased risk of lung and heart disease. While past attention has mainly concentrated on exhaust emissions, particles are also released into the air from tyre, road and brake pad wear.

These emissions are largely unregulated by legislation and the study found that these “non-exhaust” pollution sources are now responsible for the majority of vehicle particulate matter emissions in the UK and parts of Europe, with brake dust the main contributor among them.

Dr James Parkin, from the University of Southampton and lead author of the study published in the journal Particle and Fibre Toxicology, said: “People generally associate pollution from cars as being from exhaust pipes and think of electric vehicles as having zero emissions. However, electric vehicles still produce particulate matter due to friction and wear of the road, tyres, and brakes.

[…]

Results showed that of the four types of brake pads, non-asbestos organic pads were the most potent at inducing inflammation and other markers of toxicity, and were found to be more toxic to human lung cells than diesel exhaust particles. Ceramic pads were the second most toxic.

Dr Ian Mudway, senior lecturer at the school of public health at Imperial College London, said that while the research appeared sound it was premature to conclude that emissions from brake pad wear were worse than diesel exhaust.

He said: “Too many variables remain uncontrolled: brake disc types [a highly varied category], diesel exhaust particle composition, and chosen endpoints, among others. While this paper focuses on brakes, tyre wear and road dust resuspension should also be considered. This has significant policy implications, as it suggests that policies solely targeting exhaust emissions will not fully mitigate the risks of traffic-related pollutants.”

The project supervisor Prof Matthew Loxham said this was “a fair comment” but said the brake wear particles were generated on a test rig according to a standard braking cycle, different types and speed of braking, which is used for brake testing, “therefore one would expect the particles to be representative of general real world brake wear particles”.

“Although there may well be differences to the particles from each of these sources caused by changes in braking or engine parameters, I think it would be fair to hypothesise that these differences would be rather less than the differences due to the individual sources,” he said.

[…]

Source: Brake pad dust can be more toxic than exhaust emissions, study says | Automotive emissions | The Guardian

Eating from plastic (takeout) containers can increase heart failure risk

Eating from plastic takeout containers may significantly increase the chance of congestive heart failure, a new study finds, and researchers suspect they have identified why: changes to gut biome cause inflammation that damages the circulatory system.

The novel two part, peer-reviewed study from Chinese researchers adds to mounting evidence of the risks associated with eating from plastic, and builds on previous evidence linking plastic chemicals to heart disease.

The authors used a two-part approach, first looking into the frequency with which over 3,000 people in China ate from plastic takeout containers, and whether they had heart disease. They then exposed rats to plastic chemicals in water that was boiled and poured in carryout containers to extract chemicals.


“The data revealed that high-frequency exposure to plastics is significantly associated with an increased risk of congestive heart failure,” the authors wrote.

Plastic can contain any of about 20,000 chemicals, and many of them, such as BPA, phthalates and Pfas, present health risks. The chemicals are often found in food and food packaging, and are linked to a range of problems from cancer to reproductive harm.

While researchers in the new paper didn’t check which specific chemicals were leaching from the plastic, they noted the link between common plastic compounds and heart disease, and a previous link between gut biome and heart disease.

They put boiling water in the containers for one, five or 15 minutes because plastic chemicals leach at much higher rates when hot contents are placed in containers – the study cited previous research that found as many as 4.2m microplastic particles per sq cm can leach from plastic containers that are microwaved.

The authors then gave rats the water contaminated with leachate to drink for several months, then analyzed the gut biome and metabolites in the feces. It found notable changes.

“It indicated that ingestion of these leachates altered the intestinal microenvironment, affected gut microbiota composition, and modified gut microbiota metabolites, particularly those linked to inflammation and oxidative stress,” the authors wrote.


They then checked the rats’ heart muscle tissue and found it had been damaged. The study did not find a statistical difference in the changes and damage among rats that were exposed to water that had been in contact with plastic for one minute versus five or fifteen.

The study does not make recommendations on how consumers can protect themselves. But public health advocates say to avoid microwaving or adding hot food to plastic containers at home, or cooking anything in plastic. Replacing plastic utensils or packaging at home with glass, wood or stainless steel alternatives is also helpful.

It is more difficult to avoid plastic when getting carryout. One can bring their own glass packaging or transfer food to glass packaging when one gets home.

Source: Eating from plastic takeout containers can increase heart failure risk – study | US news | The Guardian

Zyphra’s speech model can clone your voice with 5s of audio

Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with as little as five seconds of sample audio. In our testing, we generated realistic results with less than half a minute of recorded speech.

Founded in 2021 by Danny Martinelli and Krithik Puthalath, the startup aims to build a multimodal agent system called MaiaOS. To date, these efforts have seen the release of its Zamba family of small language models, optimizations such as tree attention, and now the release of its Zonos TTS models.

Measuring at 1.6 billion parameters in size each, the models were trained on more than 200,000 hours of speech data, which includes both neutral-toned speech such as audiobook narration, and “highly expressive” speech. According to the upstart’s release notes for Zonos, the majority of its data was in English but there were “substantial” quantities of Chinese, Japanese, French, Spanish, and German. Zyphra tells El Reg this data was acquired from the web and was not obtained from data brokers.

[…]

Zyphra offers a demo environment where you can play with its Zonos models, along with paid API access and subscription plans on their website. But, if you’re hesitant to upload your voice to a random startup’s servers, getting the model running locally is relatively easy.

We’ll go into more detail on how to set that up in a bit, but first, let’s take a look at how well it actually works in the wild.

To test it out, we spun up Zyphra’s Zonos demo locally on an Nvidia RTX 6000 Ada Generation graphics card. We then uploaded 20- to 30-second clips of ourselves reading a random passage of text, and fed that into the Zonos-v0.1 transformer and hybrid models along with a 50 or so word text prompt, leaving all hyperparameters to their defaults. The goal is to have the trained model predict your voice, and output it as an audio file, from the provided sample recordings and prompt.

Using a 24-second sample clip, we were able to achieve a voice clone good enough to fool close friends and family — at least on first blush. After revealing that the clip was AI generated, they did note that the pacing and speed of the speech did feel a little off, and that they believed they would have caught on to the fact the audio wasn’t authentic given a longer clip.

[…]

If you’d like to use Zonos to clone your own voice, deploying the model is relatively easy, assuming you’ve got a compatible GPU and some familiarity with Linux and containerization.

[…]

Source: Zyphra’s speech model can clone your voice with 5s of audio • The Register

Gravy Analytics sued for data breach containing location data of millions of smartphones

Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps.

A complaint [PDF], filed in federal court in northern California yesterday, is at least the fourth such lawsuit against Gravy since January, when an unidentified criminal posted screenshots to XSS, a Russian cybercrime forum, to support claims that 17 TB of records had been pilfered from the American analytics outfit’s AWS S3 storage buckets.

The suit this week alleges that massive archive contains the geo-locations of people’s phones.

Gravy Analytics subsequently confirmed it suffered some kind of data security breach, which was discovered on January 4, 2025, in a non-compliance report [PDF] filed with the Norwegian Data Protection Authority and obtained by Norwegian broadcaster NRK.

Three earlier lawsuits – filed in New Jersey on January 14 and 30, and in Virginia on January 31 in the US – make similar allegations.

Gravy Analytics and its subsidiary Venntel were banned from selling sensitive location data by the FTC in December 2024, under a proposed order [PDF] to resolve the agency’s complaint against the companies that was finalized on January 15, 2025.

The FTC complaint alleged the firms “used geofencing, which creates a virtual geographical boundary, to identify and sell lists of consumers who attended certain events related to medical conditions and places of worship and sold additional lists that associate individual consumers to other sensitive characteristics.”

[…]

Source: Gravy Analytics soaks up another sueball over data breach • The Register

U.K. orders Apple to let it spy on users’ encrypted data in secret order – guess they didn’t learn from the Chinese hack of the US telco system then

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.
[…]
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.
The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
The Home Office said Thursday that its policy was not to discuss any technical demands. “We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.
[…]
At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI during the first term of President Donald Trump, who pilloried the company for not aiding in the arrest of “killers, drug dealers and other violent criminal elements.” The service is an available security option for Apple users in the United States and elsewhere.
While most iPhone and Mac computer users do not go through the steps to enable it, the service offers enhanced protection from hacking and shuts down a routine method law enforcement uses to access photos, messages and other material. iCloud storage and backups are favored targets for U.S. search warrants, which can be served on Apple without the user knowing.
[…]
Google would be a bigger target for U.K. officials, because it has made the backups for Android phones encrypted by default since 2018. Google spokesman Ed Fernandez declined to say whether any government had sought a back door, but implied none have been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.
Meta also offers encrypted backups for WhatsApp. A spokesperson declined to comment on government requests but pointed to a transparency statement on its website saying that no back doors or weakened architecture would be implemented.
If the U.K. secures access to the encrypted data, other countries that have allowed the encrypted storage, such as China, might be prompted to demand equal backdoor access, potentially prompting Apple to withdraw the service rather than comply.
[…]

Source: U.K. orders Apple to let it spy on users’ encrypted accounts – The Washington Post

See also: Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested

and In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors

Stellantis Introduces Pop-Up Ads in Vehicles, Bombarding your Jeep, Dodge, Chrysler display every time you stop

Car technology is supposed to make driving safer, smoother, and more enjoyable. But Stellantis, the parent company of Jeep, Dodge, Chrysler, and Ram, seems to have taken a different approach—one that prioritizes ad revenue over user experience.

In a move that has left drivers both frustrated and bewildered, Stellantis has introduced full-screen pop-up ads on its infotainment systems. Specifically, Jeep owners have reported being bombarded with advertisements for Mopar’s extended warranty service. The kicker? These ads appear every time the vehicle comes to a stop.

[…]

One Jeep 4xe owner recently shared their frustration on an online forum, detailing how these pop-ups disrupt the driving experience. Stellantis, responding through their “JeepCares” representative, confirmed that these ads are part of the contractual agreement with SiriusXM and suggested that users simply tap the “X” to dismiss them.

[…]

A Symptom of a Bigger Problem: Subscription Fatigue

The automotive industry is heading into murky waters with the increasing push toward subscription-based features. BMW tried charging for heated seats. Mercedes locked performance boosts behind a paywall. Now, Stellantis has decided to monetize its infotainment screens with intrusive advertising.

It’s a trend that consumers are growing increasingly tired of. New vehicles already come with a hefty price tag—averaging $48,700 in 2024—so the expectation is that premium pricing should come with a premium experience, not one riddled with ads and additional fees. Instead of making customers feel like valued buyers, automakers are making them feel like they’re merely users in an ad-supported ecosystem.

The Off-Roading Community’s Response: “AdBlock for Jeeps?”

The off-roading community has always been passionate about modifying their vehicles, but no one expected that “blocking ads” would become a must-have Jeep upgrade. Some tech-savvy drivers are already exploring ways to disable these pop-ups permanently, with discussions surfacing about potential software hacks or third-party solutions to remove intrusive in-car advertising.

[…]

Source: Stellantis Introduces Pop-Up Ads in Vehicles, Sparking Outrage Among Owners – TechStory

Buy now, pay later installment payments increase retail spending, study finds

[…] Buy now, pay later (BNPL) is an increasingly popular payment method, allowing customers to spread payment into interest-free installments over a few weeks or months. Worldwide BNPL spending was $316 billion in 2023 and is expected to grow to $450 billion by 2027. With major retailers such as Walmart and H&M partnering with BNPL providers like Affirm, Klarna, and Afterpay, over 45 million U.S. customers have adopted this payment method.

When customers choose BNPL installments at the checkout of a participating retailer, the bill is paid in full by the BNPL provider to the retailer. Customers pay the BNPL provider for the first installment at the time of purchase and repay the remaining interest-free installments over a short time period.

However, despite the growing popularity of BNPL installment payments, little is known about their impact on retail sales.

In this new study, the researchers use transactional data from a major U.S. retailer and find that BNPL installment payments boost spending. By allowing customers to pay for purchases in smaller, interest-free installments, BNPL boosts both the number of purchases and the average amount spent.

The study compares BNPL installment payments to upfront and delayed lump sum payments. BNPL consistently boosts spending across various products (e.g., party supplies, apparel, flights, mugs, coffee pods) and number of installments (e.g., three installments, four installments, six installments).

[…]

This research offers actionable insights for various stakeholders:

  • Consumers can benefit by using BNPL installments as a tool for managing expenses by making them feel more in control of their budgets and less financially constrained.
  • Retail managers should consider integrating BNPL options to boost sales. Ang says that “Retailers benefit because adoption of installment payments leads to more frequent purchases and larger basket amounts. The difference is significant, with an increase in purchase incidence of approximately 9% and a relative increase in purchase amounts of approximately 10%.”
  • Policymakers need to be aware of the significant impact BNPL has on consumer spending to ensure regulations that protect consumers while fostering financial flexibility.
  • Societal stakeholders, including consumer advocates, should monitor BNPL’s growing influence to promote responsible practices.

Understanding the benefits and potential risks associated with BNPL is crucial as this payment method continues to reshape the retail landscape.

More information: Stijn Maesen et al, Buy Now, Pay Later: Impact of Installment Payments on Customer Purchases, Journal of Marketing (2024). DOI: 10.1177/00222429241282414

Source: Buy now, pay later installment payments increase retail spending, study finds

NASA Demonstrates Software ‘Brains’ Shared Across Satellite Swarms

[…] Distributed Spacecraft Autonomy (DSA), allows individual spacecraft to make independent decisions while collaborating with each other to achieve common goals – all without human input.

NASA researchers have achieved multiple firsts in tests of such swarm technology as part of the agency’s DSA project. Managed at NASA’s Ames Research Center in California’s Silicon Valley, the DSA project develops software tools critical for future autonomous, distributed, and intelligent swarms that will need to interact with each other to achieve complex mission objectives.

[…]

Distributed space missions rely on interactions between multiple spacecraft to achieve mission goals. Such missions can deliver better data to researchers and ensure continuous availability of critical spacecraft systems.

[…]

Distributing autonomy across a group of interacting spacecraft allows for all spacecraft in a swarm to make decisions and is resistant to individual spacecraft failures.

The DSA team advanced swarm technology through two main efforts: the development of software for small spacecraft that was demonstrated in space during NASA’s Starling mission, which involved four CubeSat satellites operating as a swarm to test autonomous collaboration and operation with minimal human operation, and a scalability study of a simulated spacecraft swarm in a virtual lunar orbit.

Experimenting With DSA in Low Earth Orbit

The team gave Starling a challenging job: a fast-paced study of Earth’s ionosphere – where Earth’s atmosphere meets space – to show the swarm’s ability to collaborate and optimize science observations. The swarm decided what science to do on their own with no pre-programmed science observations from ground operators.

“We did not tell the spacecraft how to do their science,” said Adams. “The DSA team figured out what science Starling did only after the experiment was completed. That has never been done before and it’s very exciting!”

The accomplishments of DSA onboard Starling include the first fully distributed autonomous operation of multiple spacecraft, the first use of space-to-space communications to autonomously share status information between multiple spacecraft, the first demonstration of fully distributed reactive operations onboard multiple spacecraft, the first use of a general-purpose automated reasoning system onboard a spacecraft, and the first use of fully distributed automated planning onboard multiple spacecraft.

During the demonstration, which took place between August 2023 and May 2024, Starling’s swarm of spacecraft received GPS signals that pass through the ionosphere and reveal interesting – often fleeting – features for the swarm to focus on. Because the spacecraft constantly change position relative to each other, the GPS satellites, and the ionospheric environment, they needed to exchange information rapidly to stay on task.

Each Starling satellite analyzed and acted on its best results individually. When new information reached each spacecraft, new observation and action plans were analyzed, continuously enabling the swarm to adapt quickly to changing situations.

[…]

The DSA lunar Position, Navigation, and Timing study demonstrated scalability of the swarm in a simulated environment. Over a two-year period, the team ran close to one hundred tests of more complex coordination between multiple spacecraft computers in both low- and high-altitude lunar orbit and showed that a swarm of up to 60 spacecraft is feasible.

The team is further developing DSA’s capabilities to allow mission operators to interact with even larger swarms – hundreds of spacecraft – as a single entity.

[…]

Source: NASA Demonstrates Software ‘Brains’ Shared Across Satellite Swarms – NASA

Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

A coalition of labor organizations representing federal workers and retirees has sued the Department of the Treasury to block it from giving the newly created Department of Government Efficiency, controlled by Elon Musk, access to the federal government’s sensitive payment systems.

After forcing out a security official who opposed the move, Treasury Secretary Scott Bessent granted DOGE workers access to the system last week, according to The New York Times. Despite its name, DOGE is not a government department but rather an ad-hoc group formed by President Trump purportedly tasked with cutting government spending.

The labor organizations behind the lawsuit filed Monday argue that Bessent broke federal privacy and tax confidentiality laws by giving unauthorized DOGE workers, including people like Musk who are not government employees, the ability to view the private information of anyone who pays taxes or receives money from federal agencies.

With access to the Treasury systems, DOGE representatives can potentially view the names, social security numbers, birth dates, mailing addresses, email addresses, and bank information of tens of millions of people who receive tax refunds, social security and disability payments, veterans benefits, or salaries from the federal government, according to the lawsuit.

“The scale of the intrusion into individuals’ privacy is massive and unprecedented,” according to the complaint filed by the Alliance for Retired Americans, the American Federation of Government Employees, and the Service Employees International Union.

[…]

In their lawsuit, the labor organizations argue that federal law prohibits the disclosure of taxpayer information to anyone except Treasury employees who require it for their official duties unless the disclosure is authorized by a specific law, which DOGE’s access to the system is not. DOGE’s access also violates the Privacy Act of 1974, which prohibits disclosure of personal information to unauthorized people and lays out strict procedures for changing those authorizations, which the Trump administration has not followed, according to the suit.

The plaintiffs have asked the Washington, D.C. district court to grant an injunction preventing unauthorized people from accessing the payment systems and to rule the Treasury’s actions unlawful.

Source: Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser

Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.

The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.

A new direction

The Apple silicon affected takes speculative execution in new directions. Besides predicting control flow CPUs should take, it also predicts the data flow, such as which memory address to load from and what value will be returned from memory.

The most powerful of the two side-channel attacks is named FLOP. It exploits a form of speculative execution implemented in the chips’ load value predictor (LVP), which predicts the contents of memory when they’re not immediately available. By inducing the LVP to forward values from malformed data, an attacker can read memory contents that would normally be off-limits. The attack can be leveraged to steal a target’s location history from Google Maps, inbox content from Proton Mail, and events stored in iCloud Calendar.

SLAP, meanwhile, abuses the load address predictor (LAP). Whereas LVP predicts the values of memory content, LAP predicts the memory locations where instruction data can be accessed. SLAP forces the LAP to predict the wrong memory addresses. Specifically, the value at an older load instruction’s predicted address is forwarded to younger arbitrary instructions. When Safari has one tab open on a targeted website such as Gmail, and another open tab on an attacker site, the latter can access sensitive strings of JavaScript code of the former, making it possible to read email contents.

“There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from (maliciously) reading the other’s contents,” the researchers wrote on an informational site describing the attacks and hosting the academic papers for each one. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages. In our work, we show that this data ranges from location history to credit card information.”

[…]

The following Apple devices are affected by one or both of the attacks:

• All Mac laptops from 2022–present (MacBook Air, MacBook Pro)
• All Mac desktops from 2023–present (Mac Mini, iMac, Mac Studio, Mac Pro)
• All iPad Pro, Air, and Mini models from September 2021–present (Pro 6th and 7th generation, Air 6th gen., Mini 6th gen.)
• All iPhones from September 2021–present (All 13, 14, 15, and 16 models, SE 3rd gen.)

[…]

Source: Apple chips can be hacked to leak secrets from Gmail, iCloud, and more – Ars Technica

AI-assisted works can finally get copyright with enough human creativity, says US copyright office

Artists can copyright works they made with the help of artificial intelligence, according to a new report by the U.S. Copyright Office that could further clear the way for the use of AI tools in Hollywood, the music industry and other creative fields.

The nation’s copyright office, which sits in the Library of Congress and is not part of the executive branch, receives about half a million copyright applications per year covering millions of individual works. It has increasingly been asked to register works that are AI-generated.

And while many of those decisions are made on a case-by-case basis, the report issued Wednesday clarifies the office’s approach as one based on what the top U.S. copyright official describes as the “centrality of human creativity” in authoring a work that warrants copyright protections.

“Where that creativity is expressed through the use of AI systems, it continues to enjoy protection,” said a statement from Register of Copyrights Shira Perlmutter, who directs the office.

An AI-assisted work could be copyrightable if an artist’s handiwork is perceptible. A human adapting an AI-generated output with “creative arrangements or modifications” could also make it fall under copyright protections.

[…]

Source: AI-assisted works can get copyright with enough human creativity, says US copyright office | AP News

Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

In a statement adopted in October 2024, the American Astronomical Society declared that humankind’s scientific understanding of the universe is under threat from space activities, including the proliferation of satellite constellations, space debris, and radio- and electromagnetic interference. Of note is the potential for a space-based eyesore: giant billboards hanging out in low Earth orbit.

“It is the position of the American Astronomical Society that obtrusive space advertising should be prohibited by appropriate international convention, treaty, or law,” the statement read.

Congress already prohibits domestic launches of any “payload containing any material to be used for the purposes of obtrusive space advertising,” in which obtrusive space advertising is defined as “advertising in outer space that is capable of being recognized by a human being on the surface of the Earth without the aid of a telescope or other technological device.”

“The US federal ban on obtrusive space advertising is a critical bulwark against an insidious fouling of the natural sky by private interests,” said James Lowenthal, an astronomer at Smith College and member of the AAS’ Committee for the Protection of Astronomy and the Space Environment (COMPASSE), in an email to Gizmodo. “That ban recognizes that the sky belongs to everyone, and must be protected for all humans now and in the future.”

“But the ban applies only to US launches; other countries could approve launches of ‘space billboards’ from their soil that would be visible from around the world,” Lowenthal added. “That’s why an international ban is critical.”

[…]

Source: Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

WhatsApp says journalists and civil society members were targets of Israeli spyware

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday.

The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised”.

It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.

WhatsApp declined to disclose where the journalists and members of civil society were based, including whether they were based in the US.

Paragon has a US office in Chantilly, Virginia. The company has faced recent scrutiny after Wired magazine in October reported that it had entered into a $2m contract with the US Immigration and Customs Enforcement’s homeland security investigations division.

[…]

A person close to the company told the Guardian that Paragon had 35 government customers, that all of them could be considered democratic, and that Paragon did not do business with countries, including some democracies, that have previously been accused of abusing spyware. The person said that included Greece, Poland, Hungary, Mexico and India.

Paragon’s spyware is known as Graphite and has capabilities that are comparable to NSO Group’s Pegasus spyware. Once a phone is infected with Graphite, the operator of the spyware has total access to the phone, including being able to read messages that are sent via encrypted applications like WhatsApp and Signal.

The company, which was founded by the former Israeli prime minister Ehud Barak, has been the subject of media reports in Israel recently, after it was reported that the group was sold to a US private equity firm, AE Industrial Partners, for $900m.

[…]

Source: WhatsApp says journalists and civil society members were targets of Israeli spyware | WhatsApp | The Guardian

US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data.

The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients.

CHC said in a Thursday filing with Maine’s attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025.

While the threat actors stole files containing patients’ personal and health information belonging to 1,060,936 individuals, the healthcare organization says they didn’t encrypt any compromised systems and that the security breach didn’t impact its operations.

[…]

Depending on the affected patient, the attackers stole a combination of:

  • personal (names, dates of birth, addresses, phone numbers, emails, Social Security numbers) or
  • health information (medical diagnoses, treatment details, test results, and health insurance).

A CHC spokesperson was not immediately available when BleepingComputer reached out for more details on the incident.

While CHC said the hackers didn’t encrypt any of its systems, more ransomware operations have switched tactics to become data theft extortion groups in recent years.

[…]

In response to this surge of massive healthcare security breaches, the U.S. Department of Health and Human Services (HHS) proposed updates to HIPAA (short for Health Insurance Portability and Accountability Act of 1996) in late December to secure patients’ health data.

Source: US healthcare provider data breach impacts 1 million patients

Boom! The XB-1 Demonstrator Jet Has Gone Supersonic

Boom Supersonic’s XB-1 demonstrator has broken the sound barrier, marking a major milestone in the effort that hopes to lead to a larger 55-seat supersonic airliner design known as Overture. Overall, the program could have significant implications not only for commercial aviation but also for the military.

Boom Supersonic’s XB-1 demonstrator eases past the sound barrier for the first time, going supersonic just over 11 minutes into its sortie today. YouTube screencap

The aircraft was flown to a speed of Mach 1.1 by former U.S. Navy aviator and Boom test pilot Tristan “Geppetto” Brandenburg, from the Mojave Air & Space Port, California. For the majority of its flight, the XB-1 was accompanied by two other supersonic jets, an ATAC Mirage F1 flown by A.J. “Face” McFarland, serving as primary safety chase, and a T-38 Talon performing photo chase duties. During the flight, the XB-1 entered the supersonic realm three times, landing safely at Mojave after a flight of a little over 30 minutes duration.

[…]

Ultimately, XB-1 is expected to have a top speed of around Mach 2.2 (1,687.99 miles per hour).

The XB-1, also known as the “Baby Boom,” is a one-third-scale technology demonstrator for the Overture. It made its first flight at Mojave on March 22, 2024, as you can read about here. During that flight, the XB-1 was flown at speeds up to 238 knots (273 mph, or Mach 0.355), achieving an altitude of 7,120 feet. On that occasion, Chief Test Pilot Bill “Doc” Shoemaker was at the controls, while the flight was monitored by “Geppetto” Brandenburg, flying a T-38 Talon chase aircraft.

[…]

While we have outlined the key aspects of the XB-1 in the past, the aircraft is 62.6 feet long and its elongated delta-wing planform has a wingspan of 21 feet. It makes extensive use of sophisticated technologies, including carbon-fiber composites, advanced avionics, and digitally optimized aerodynamics.

The XB-1 during an earlier test flight. Boom Supersonic

It also has an unusual propulsion system to propel it into the supersonic regime. This comprises three General Electric J85-15 turbojets, which together provide more than 12,000 pounds of thrust. The widely used J85 also powers, among others, the Northrop F-5 and the T-38. Since the XB-1 was rolled out, another three-engined aircraft has broken cover, the Chinese advanced tailless combat aircraft tentatively known as the J-36.

Compared to the XB-1, the Overture will be 201 feet long and is planned to achieve a cruising speed of Mach 1.7 (1,304 miles per hour) and a maximum speed of Mach 2.2. The company anticipates it will have a maximum range of 4,500 nautical miles.

A rendering of Boom Supersonic’s Overture airliner. Boom Supersonic

Achieving the Mach 1 mark is a huge achievement for the company and an important statement of intent for the future Overture supersonic airliner.

Aimed to make supersonic travel more affordable to greater numbers of travelers — a goal in which no other operator has succeeded in the past — the Overture is planned to carry a total of 64-80 passengers. Intended to drastically shorten the duration of transoceanic routes, the aircraft is “designed … to be profitable for airlines at fares similar to first and business class,” the company’s website notes.

[…]

Source: Boom! The XB-1 Demonstrator Jet Has Gone Supersonic

Pebble Founder Is Bringing the Smartwatch Back as Google Open-Sources Its Software

There’s some good news to share for Pebble fans: The no-frills smartwatch is making a comeback. The Verge spoke to Pebble founder Eric Migicovsky today, who says he was able to convince Google to open-source the smartwatch’s operating system. Migicovsky is in the early stages of prototyping a new watch and spinning up a company again under a to-be-announced new name.

Founded back in 2012, Pebble was initially funded on Kickstarter and created smartwatches with e-ink displays that nailed the basics. They could display notifications, let users control their music, and last 5-7 days on a charge thanks to their displays that are akin to what you find on a Kindle. The watches came in at affordable prices too, and they could work across both iOS and Android.

[…]

Fans of Pebble will be happy to know that whatever new smartwatch Migicovsky releases, it will be almost identical to what came before. “We’re building a spiritual, not successor, but clone of Pebble,” he says, “because there’s not that much I actually want to change.” Migicovsky plans to keep the software open-source and allow anyone to customize it for their watches. “There’s going to be the ability for anyone who wants to, to take Pebble source code, compile it, run it on their Pebbles, build new Pebbles, build new watches. They could even use it in random other hardware. Who knows what people can do with it now?”

And of course, this time around Migicovsky is using his own capital to grow the company in a sustainable way. After leaving Pebble, he started a messaging startup called Beeper, which was acquired by WordPress developer Automattic. Migicovsky has also served as an investor at Y-Combinator.

It is unclear when Migicovsky’s first watch may be available, but updates will be shared at rePebble.com.

Source: Pebble Founder Is Bringing the Smartwatch Back as Google Open-Sources Its Software

Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested

[…] While trying to fend off attacks on Section 215 collections (most of which are governed [in the loosest sense of the word] by the Third Party Doctrine), the NSA and its domestic-facing remora, the FBI, insisted collecting and storing massive amounts of phone metadata was no more a constitutional violation than it was a privacy violation.

Suddenly — thanks to the ongoing, massive compromising of major US telecom firms by Chinese state-sanctioned hackers — the FBI is getting hot and bothered about the bulk collection of its own phone metadata by (gasp!) a government agency. (h/t Kevin Collier on Bluesky)

FBI leaders have warned that they believe hackers who broke into AT&T Inc.’s system last year stole months of their agents’ call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.

[…]

The data was believed to include agents’ mobile phone numbers and the numbers with which they called and texted, the document shows. Records for calls and texts that weren’t on the AT&T network, such as through encrypted messaging apps, weren’t part of the stolen data.

The agency (quite correctly!) believes the metadata could be used to identify agents, as well as their contacts and confidential sources. Of course it can.

[…]

The issue, of course, is that the Intelligence Community consistently downplayed this exact aspect of the bulk collection, claiming it was no more intrusive than scanning every piece of domestic mail (!) or harvesting millions of credit card records just because the Fourth Amendment (as interpreted by the Supreme Court) doesn’t say the government can’t.

There are real risks to real people who are affected by hacks like these. The same thing applies when the US government does it. It’s not just a bunch of data that’s mostly useless. Harvesting metadata in bulk allows the US government to do the same thing Chinese hackers are doing with it: identifying individuals, sussing out their personal networks, and building from that to turn numbers into adversarial actions — whether it’s the arrest of suspected terrorists or the further compromising of US government agents by hostile foreign forces.

The takeaway isn’t the inherent irony. It’s that the FBI and NSA spent years pretending the fears expressed by activists and legislators were overblown. Officials repeatedly claimed the information was of almost zero utility, despite mounting several efforts to protect this collection from being shut down by the federal government. In the end, the phone metadata program (at least as it applies to landlines) was terminated. But there’s more than a hint of egregious hypocrisy in the FBI’s sudden concern about how much can be revealed by “just” metadata.

Source: Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested | Techdirt

Trump Disbands Cybersecurity Board Investigating Worst Hack in US History: Massive Chinese Phone System Invasion

[…] We’re still nowhere near understanding just how bad the Chinese hack of our phone system was. The incident that was only discovered last fall involved the Chinese hacking group Salt Typhoon, which used the US’s CALEA phone wiretapping system as a backdoor to gain incredible, unprecedented access to much of the US’s phone system “for months or longer.”

As details come out, the extent of the hackers’ access has become increasingly alarming. It is reasonable to call it the worst hack in US history.

Soon after it was discovered, Homeland Security tasked the Cyber Safety Review Board (CSRB) to lead an investigation into the hack to uncover what allowed it to happen and assess how bad it really was. The CSRB was established by Joe Biden to improve the government’s cybersecurity in the face of global cybersecurity attacks on our infrastructure and was made up of a mix of government and private sector cybersecurity experts.

And one of the first things Donald Trump did upon retaking the presidency was to dismantle the board, along with all other DHS Advisory Committees.

It’s one thing to say the new president should get to pick new members for these advisory boards, but it’s another thing altogether to just summarily dismiss the very board that is in the middle of investigating this hugely impactful hack of our telephone systems in a way that isn’t yet fully understood.

Just before the presidential switch, the Biden administration had announced sanctions against a Chinese front corporation that was connected to the hack. And while the details are still sparse, all indications are that this was a massive and damaging attack on critical US infrastructure.

And one of Trump’s moves is to disband the group of experts who was trying to get to the bottom of what happened.

This seems… bad?

Cybersecurity researcher Kevin Beaumont said on the social media platform Bluesky that the move would give Microsoft a “free pass,” referring to the CSRB’s critical report of the tech giant — and Beaumont’s former employer — over its handling of a prior Chinese hacker breach.

Jake Williams, faculty at IANS Research, went even further on the same website: “We should have been putting more resources into the CSRB, not dismantling it,” he wrote. “There’s zero doubt that killing the CSRB [would] hurt national security.”

While some have speculated that this move is an attempt to cover up the extent of the breach or even deliberately assist the Chinese, a more likely explanation is simple incompetence[…]

Source: Trump Disbands Cybersecurity Board Investigating Massive Chinese Phone System Hack | Techdirt

Circle to Search now offers one-tap actions for phone numbers, emails and URLs

[…] As a reminder, Circle to Search is an AI-powered feature Google released at the start of last year. You can access it by long-pressing your phone’s home button and then circling something with your finger. At its most basic, the feature is a way to use Google Search from anywhere on your phone, with no need to switch between apps. It’s particularly useful if you want to conduct an image search since you don’t need to take a screenshot or describe what you’re looking at to Google.

As for those enhancements I mentioned, Google is adding one-tap actions for phone numbers, email addresses and URLs, meaning if Circle to Search detects those, it will allow you to call, email or visit a website with a single tap. Again, there’s no need to switch between apps to interact with those elements.[…]

Source: Circle to Search now offers one-tap actions for phone numbers, emails and URLs

Subaru Security Flaws Exposed Its System for Tracking, Remote Controlling Millions of Cars

About a year ago, security researcher Sam Curry bought his mother a Subaru, on the condition that, at some point in the near future, she let him hack it.

It took Curry until last November, when he was home for Thanksgiving, to begin examining the 2023 Impreza’s internet-connected features and start looking for ways to exploit them. Sure enough, he and a researcher working with him online, Shubham Shah, soon discovered vulnerabilities in a Subaru web portal that let them hijack the ability to unlock the car, honk its horn, and start its ignition, reassigning control of those features to any phone or computer they chose.

Most disturbing for Curry, though, was that they found they could also track the Subaru’s location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.


A year of location data for Sam Curry’s mother’s 2023 Subaru Impreza that Curry and Shah were able to access in Subaru’s employee admin portal thanks to its security vulnerabilities.

Screenshot Courtesy of Sam Curry

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry says. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

Curry and Shah today revealed in a blog post their method for hacking and tracking millions of Subarus, which they believe would have allowed hackers to target any of the company’s vehicles equipped with its digital features known as Starlink in the US, Canada, or Japan. Vulnerabilities they found in a Subaru website intended for the company’s staff allowed them to hijack an employee’s account to both reassign control of cars’ Starlink features and also access all the vehicle location data available to employees, including the car’s location every time its engine started, as shown in their video below.

Curry and Shah reported their findings to Subaru in late November, and Subaru quickly patched its Starlink security flaws. But the researchers warn that the Subaru web vulnerabilities are just the latest in a long series of similar web-based flaws they and other security researchers working with them have found that have affected well over a dozen carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, Toyota, and many others. There’s little doubt, they say, that similarly serious hackable bugs exist in other auto companies’ web tools that have yet to be discovered.

[…]

Last summer, Curry and another researcher, Neiko Rivera, demonstrated to WIRED that they could pull off a similar trick with any of millions of vehicles sold by Kia. Over the prior two years, a larger group of researchers, of which Curry and Shah are a part, discovered web-based security vulnerabilities that affected cars sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls Royce, and Toyota.

[…]

In December, information a whistleblower provided to the German hacker collective the Chaos Computer Club and Der Spiegel revealed that Cariad, a software company that partners with Volkswagen, had left detailed location data for 800,000 electric vehicles publicly exposed online. Privacy researchers at the Mozilla Foundation in September warned in a report that “modern cars are a privacy nightmare,” noting that 92 percent give car owners little to no control over the data they collect, and 84 percent reserve the right to sell or share your information. (Subaru tells WIRED that it “does not sell location data.”)

“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” Mozilla’s report reads.

[…]

Source: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars | WIRED

Magic packet Backdoor found on Juniper VPN routers

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.

The devices were infected with what appears to be a variant of cd00r, a publicly available “invisible backdoor” designed to operate stealthily on a victim’s machine by monitoring network traffic for specific conditions before activating.

It’s not yet publicly known how the snoops gained sufficient access to certain organizations’ Junos OS equipment to plant the backdoor, which gives them remote control over the networking gear. What we do know is that about half of the devices have been configured as VPN gateways.

Once injected, the backdoor, dubbed J-magic by Black Lotus Labs this week, resides in memory only and passively waits for one of five possible network packets to arrive. When one of those magic packet sequences is received by the machine, a connection is established with the sender, and a followup challenge is initiated by the backdoor. If the sender passes the test, they get command-line access to the box to commandeer it.

As Black Lotus Labs explained in this research note on Thursday: “Once that challenge is complete, J-Magic establishes a reverse shell on the local file system, allowing the operators to control the device, steal data, or deploy malicious software.”

While it’s not the first-ever discovered magic packet malware, the team wrote, “the combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory-only agent, makes this an interesting confluence of tradecraft worthy of further observation.”

[…]

The malware creates an eBPF filter to monitor traffic to a specified network interface and port, and waits until it receives any of five specifically crafted packets from the outside world. If one of these magic packets – described in the lab’s report – shows up, the backdoor connects to whoever sent the magic packet using SSL; sends a random, five-character-long alphanumeric string encrypted using a hardcoded public RSA key to the sender; and if the sender can decrypt the string using the private half of the key pair and send it back to the backdoor to verify, the malware will start accepting commands via the connection to run on the box.

[…]

These victims span the globe, with the researchers documenting companies in the US, UK, Norway, the Netherlands, Russia, Armenia, Brazil, and Colombia. They included a fiber optics firm, a solar panel maker, manufacturing companies including two that build or lease heavy machinery, and one that makes boats and ferries, plus energy, technology, and semiconductor firms.

While most of the targeted devices were Juniper routers acting as VPN gateways, a more limited set of targeted IP addresses had an exposed NETCONF port, which is commonly used to help automate router configuration information and management.

This suggests the routers are part of a larger, managed fleet such as those in a network service provider, the researchers note.

[…]

Source: Mysterious backdoor found on select Juniper routers • The Register
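The connect-back step in the Juniper item above (an inbound packet, then the router itself opening a connection to the sender) is visible in flow data even though the implant lives only in memory. The following is an added example, not code from The Register, Black Lotus Labs or Juniper; the record format, addresses, allowlist and 60-second window are assumptions, and the sample records are constructed.

```python
"""Flag router-originated TCP callbacks that closely follow an inbound packet
from the same remote host (the connect-back pattern described above)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    """One connection-start record (hypothetical format for this example)."""
    ts: float        # seconds since epoch, first packet of the flow
    orig: str        # host that sent the first packet
    resp: str        # host that received it
    resp_port: int   # destination port of the first packet (0 for ICMP)
    proto: str       # "tcp", "udp" or "icmp"


# All values below are constructed (RFC 5737 documentation ranges).
ROUTERS = frozenset({"192.0.2.1", "192.0.2.2"})      # router interface IPs
EXPECTED_PEERS = (ip_network("198.51.100.0/28"),)    # collectors, AAA, NTP
WINDOW_SECONDS = 60.0                                # assumed correlation window


def is_expected_peer(ip, peers=EXPECTED_PEERS):
    """True if the router is known to open connections to this address."""
    addr = ip_address(ip)
    return any(addr in net for net in peers)


def find_callbacks(conns, routers=ROUTERS, window=WINDOW_SECONDS):
    """Return one alert per router-originated TCP connection to a host that
    sent that router any packet within `window` seconds beforehand."""
    recent = defaultdict(deque)   # (router, remote) -> inbound records, oldest first
    alerts = []
    for c in sorted(conns, key=lambda c: c.ts):
        inbound = c.resp in routers and c.orig not in routers
        outbound = c.orig in routers and c.resp not in routers
        if inbound:
            # Any protocol and any port counts: a passive filter can react
            # to a packet that never completes a connection.
            recent[(c.resp, c.orig)].append(c)
        elif outbound and c.proto == "tcp" and not is_expected_peer(c.resp):
            seen = recent.get((c.orig, c.resp))
            if not seen:
                continue
            while seen and c.ts - seen[0].ts > window:
                seen.popleft()    # drop inbound packets older than the window
            if seen:
                trigger = seen[-1]
                alerts.append({
                    "router": c.orig,
                    "remote": c.resp,
                    "callback_port": c.resp_port,
                    "trigger": f"{trigger.proto}/{trigger.resp_port}",
                    "delay": c.ts - trigger.ts,
                })
    return alerts


# Constructed sample records, deliberately out of time order.
SAMPLE = [
    # Inbound UDP to the VPN gateway, then the router dials back: alert.
    Conn(1000.0, "203.0.113.50", "192.0.2.1", 4500, "udp"),
    Conn(1003.0, "192.0.2.1", "203.0.113.50", 443, "tcp"),
    # Router with no prior inbound packet from that host: no alert.
    Conn(3000.0, "192.0.2.2", "203.0.113.99", 443, "tcp"),
    # Management host logs in, router then ships logs to it: allowlisted.
    Conn(1090.0, "198.51.100.5", "192.0.2.1", 22, "tcp"),
    Conn(1095.0, "192.0.2.1", "198.51.100.5", 6514, "tcp"),
    # Inbound NETCONF, router connects out 500 s later: outside the window.
    Conn(2000.0, "203.0.113.77", "192.0.2.2", 830, "tcp"),
    Conn(2500.0, "192.0.2.2", "203.0.113.77", 8443, "tcp"),
]

if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE):
        print(alert)
```

Routers do legitimately originate connections, so the allowlist and window need tuning against a baseline of each device's normal outbound traffic before alerts from this check are actionable.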

F-35 AI-Enabled Drone Controller Capability Successfully Demonstrated

Lockheed Martin says the stealthy F-35 Joint Strike Fighter now has a firmly demonstrated ability to act as an in-flight ‘quarterback’ for advanced drones like the U.S. Air Force’s future Collaborative Combat Aircraft (CCA) with the help of artificial intelligence-enabled systems. The company states that its testing has also shown a touchscreen tablet-like device is a workable interface for controlling multiple uncrewed aircraft simultaneously from the cockpit of the F-35, as well as the F-22 Raptor. For the U.S. Air Force, how pilots in crewed aircraft will actually manage CCAs during operations has emerged as an increasingly important question.

Details about F-35 and F-22 related crewed-uncrewed teaming developments were included in a press release that Lockheed Martin put out late yesterday, wrapping up various achievements for the company in 2024.


The F-35 “has the capability to control drones, including the U.S. Air Force’s future fleet of Collaborative Combat Aircraft. Recently, Lockheed Martin and industry partners demonstrated end-to-end connectivity including the seamless integration of AI technologies to control a drone in flight utilizing the same hardware and software architectures built for future F-35 flight testing,” the press release states. “These AI-enabled architectures allow Lockheed Martin to not only prove out piloted-drone teaming capabilities, but also incrementally improve them, bringing the U.S. Air Force’s family of systems vision to life.”

“Lockheed Martin has demonstrated its piloted-drone teaming interface, which can control multiple drones from the cockpit of an F-35 or F-22,” the release adds. “This technology allows a pilot to direct multiple drones to engage enemies using a touchscreen tablet in the cockpit of their 5th Gen aircraft.”

A US Air Force image depicting an F-22 Raptor stealth fighter flying together with a Boeing MQ-28 Ghost Bat drone. USAF

The press release also highlights prior crewed-uncrewed teaming work that Lockheed Martin’s famed Skunk Works advanced projects division has done with the University of Iowa’s Operator Performance Laboratory (OPL) using surrogate platforms. OPL has also been working with other companies, including Shield AI, as well as the U.S. military, to support advanced autonomy and drone development efforts in recent years.

In November 2024, Lockheed Martin notably announced it had conducted tests with OPL that saw a human controller in an L-39 Albatros jet use a touchscreen interface to order two L-29 Delfin jets, equipped with AI-enabled flight technology acting as surrogate drones, to engage simulated enemy fighters. This sounds very similar to the kind of control architecture the company says it has now demonstrated on the F-35.

A view of the “battle manager” at work in the back seat of the L-39 jet while issuing commands to the L-29s acting as surrogate drones. Lockheed Martin

[…]

The Air Force is also still very much in the process of developing new concepts of operations and tactics, techniques, and procedures for employing CCA drones operationally. How the drones will fit into the service’s force structure and be utilized in routine training and other day-to-day peacetime activities, along with what the maintenance and logistical demands will be, also remains to be seen. Questions about in-flight command and control have emerged as particularly important ones to answer in the near term.

[…]

As Lockheed Martin’s new touting of its work on tablet-based control interfaces highlights, there is a significant debate now just about how pilots will physically issue orders and otherwise manage drones from their cockpits.

A picture of a drone control system using a tablet-like device that General Atomics has previously released. GA-ASI

“There’s a lot of opinions amongst the Air Force about the right way to go [about controlling drones from other aircraft],” John Clark, then head of Skunk Works, also told The War Zone and others at the AFA gathering in September 2024. “The universal thought, though, is that this [a tablet or other touch-based interface] may be the fastest way to begin experimentation. It may not be the end state.”

“We’re working through a spectrum of options that are the minimum invasive opportunities, as well as something that’s more organically equipped, where there’s not even a tablet,” Clark added.

[…]

In addition, there are still many questions about the secure communications architectures that will be needed to support operations involving CCAs and similar drones, as well as for F-35s and F-22s to operate effectively in the airborne controller role. The F-35 could use the popular omnidirectional Link 16 network for this purpose, but doing so would make it easier for opponents to detect the fighter jet and the drone. The F-22, which has long only had the ability to transmit and not receive data via Link 16, faces similar issues.

[…]

Expanding the ability of the F-35, specifically, to serve in the drone controller role has potential ramifications beyond the Air Force’s CCA program. The Air Force and Navy have already been working together on systems that will allow for the seamless exchange of control of CCAs and other drones belonging to either service during future operations. The U.S. Marine Corps, which is pursuing its own loyal wingman-type drones currently through experimentation with Kratos XQ-58 Valkyries, also has formal ties to the Air Force’s CCA program. All three services fly variants of the Joint Strike Fighter.

It’s also worth noting here that the U.S. military has been publicly demonstrating the ability of tactical jets to actively control drones in mid-air for nearly a decade now, at least. In 2015, a U.S. Marine Corps AV-8B Harrier jump jet notably flew together with a Kratos Unmanned Tactical Aerial Platform-22 (UTAP-22) drone in testing that included “command and control through the tactical data link.” Other experimentation is known to have occurred across the U.S. military since then, and this doesn’t account for additional work in the classified domain.

[…]

Source: F-35 AI-Enabled Drone Controller Capability Successfully Demonstrated

The EU’s AI Act – a very quick primer on what and why

Have you ever been in a group project where one person decided to take a shortcut, and suddenly, everyone ended up under stricter rules? That’s essentially what the EU is saying to tech companies with the AI Act: “Because some of you couldn’t resist being creepy, we now have to regulate everything.” This legislation isn’t just a slap on the wrist—it’s a line in the sand for the future of ethical AI.

Here’s what went wrong, what the EU is doing about it, and how businesses can adapt without losing their edge.

When AI Went Too Far: The Stories We’d Like to Forget

Target and the Teen Pregnancy Reveal

One of the most infamous examples of AI gone wrong happened back in 2012, when Target used predictive analytics to market to pregnant customers. By analyzing shopping habits—think unscented lotion and prenatal vitamins—they managed to identify a teenage girl as pregnant before she told her family. Imagine her father’s reaction when baby coupons started arriving in the mail. It wasn’t just invasive; it was a wake-up call about how much data we hand over without realizing it.

Clearview AI and the Privacy Problem

On the law enforcement front, tools like Clearview AI created a massive facial recognition database by scraping billions of images from the internet. Police departments used it to identify suspects, but it didn’t take long for privacy advocates to cry foul. People discovered their faces were part of this database without consent, and lawsuits followed. This wasn’t just a misstep—it was a full-blown controversy about surveillance overreach.

The EU’s AI Act: Laying Down the Law

The EU has had enough of these oversteps. Enter the AI Act: the first major legislation of its kind, categorizing AI systems into four risk levels:

  1. Minimal Risk: Chatbots that recommend books—low stakes, little oversight.
  2. Limited Risk: Systems like AI-powered spam filters, requiring transparency but little more.
  3. High Risk: This is where things get serious—AI used in hiring, law enforcement, or medical devices. These systems must meet stringent requirements for transparency, human oversight, and fairness.
  4. Unacceptable Risk: Think dystopian sci-fi—social scoring systems or manipulative algorithms that exploit vulnerabilities. These are outright banned.

For companies operating high-risk AI, the EU demands a new level of accountability. That means documenting how systems work, ensuring explainability, and submitting to audits. If you don’t comply, the fines are enormous—up to €35 million or 7% of global annual revenue, whichever is higher.

Why This Matters (and Why It’s Complicated)

The Act is about more than just fines. It’s the EU saying, “We want AI, but we want it to be trustworthy.” At its heart, this is a “don’t be evil” moment, but achieving that balance is tricky.

On one hand, the rules make sense. Who wouldn’t want guardrails around AI systems making decisions about hiring or healthcare? But on the other hand, compliance is costly, especially for smaller companies. Without careful implementation, these regulations could unintentionally stifle innovation, leaving only the big players standing.

Innovating Without Breaking the Rules

For companies, the EU’s AI Act is both a challenge and an opportunity. Yes, it’s more work, but leaning into these regulations now could position your business as a leader in ethical AI. Here’s how:

  • Audit Your AI Systems: Start with a clear inventory. Which of your systems fall into the EU’s risk categories? If you don’t know, it’s time for a third-party assessment.
  • Build Transparency Into Your Processes: Treat documentation and explainability as non-negotiables. Think of it as labeling every ingredient in your product—customers and regulators will thank you.
  • Engage Early With Regulators: The rules aren’t static, and you have a voice. Collaborate with policymakers to shape guidelines that balance innovation and ethics.
  • Invest in Ethics by Design: Make ethical considerations part of your development process from day one. Partner with ethicists and diverse stakeholders to identify potential issues early.
  • Stay Dynamic: AI evolves fast, and so do regulations. Build flexibility into your systems so you can adapt without overhauling everything.

The Bottom Line

The EU’s AI Act isn’t about stifling progress; it’s about creating a framework for responsible innovation. It’s a reaction to the bad actors who’ve made AI feel invasive rather than empowering. By stepping up now—auditing systems, prioritizing transparency, and engaging with regulators—companies can turn this challenge into a competitive advantage.

The message from the EU is clear: if you want a seat at the table, you need to bring something trustworthy. This isn’t about “nice-to-have” compliance; it’s about building a future where AI works for people, not at their expense.

And if we do it right this time? Maybe we really can have nice things.

Source: The EU’s AI Act – Gigaom

Inheritance, “cronyism and corruption” or monopoly power grows billionaire wealth in 2024 in second-largest annual increase since records began

The wealth of the world’s billionaires grew by $2tn (£1.64tn) last year, three times faster than in 2023, amounting to $5.7bn (£4.7bn) a day, according to a report by Oxfam.

The latest inequality report from the charity reveals that the world is now on track to have five trillionaires within a decade, a change from last year’s forecast of one trillionaire within 10 years.

[…]

At the same time, the number of people living under the World Bank poverty line of $6.85 a day has barely changed since 1990, and is close to 3.6 billion – equivalent to 44% of the world’s population today, the charity said. One in 10 women lives in extreme poverty (below $2.15 a day), which means 24.3 million more women than men endure extreme poverty.

Oxfam warned that progress on reducing poverty has ground to a halt and that extreme poverty could be ended three times faster if inequality were to be reduced.

[…]

Rising share values on global stock exchanges account for most of the increase in billionaire wealth, though higher property values also played a role. Residential property accounts for about 80% of worldwide investments.

Globally, the number of billionaires rose by 204 last year to 2,769. Their combined wealth jumped from $13tn to $15tn in just 12 months – the second-largest annual increase since records began. The wealth of the world’s 10 richest men grew on average by almost $100m a day and even if they lost 99% of their wealth overnight, they would remain billionaires.

[…]

The report argues that most of the wealth is taken, not earned, as 60% comes from either inheritance, “cronyism and corruption” or monopoly power. It calculates that 18% of the wealth arises from monopoly power.

[…]

Anna Marriott, Oxfam’s inequality policy lead, said: “Last year we predicted the first trillionaire could emerge within a decade, but this shocking acceleration of wealth means that the world is now on course for at least five. The global economic system is broken, wholly unfit for purpose as it enables and perpetuates this explosion of riches, while nearly half of humanity continues to live in poverty.”

She called on the UK government to prioritise economic policies that bring down inequality, including higher taxation of the super-rich.

[…]

Source: Wealth of world’s billionaires grew by $2tn in 2024, report finds | The super-rich | The Guardian