Microsoft has removed Windows Mixed Reality from Windows 11.
With Windows 11 24H2, the latest major version of Microsoft’s PC operating system, you can no longer use a Windows MR headset in any way – not even on Steam.
This includes all the Windows MR headsets from Acer, Asus, Dell, HP, Lenovo, and Samsung, including HP’s Reverb G2, released in 2020.
Screenshot taken by UploadVR.
UploadVR tested Windows 11 24H2 with a Reverb G2 and found the above notice. Microsoft confirmed to UploadVR that this is an intentional removal when it originally announced the move back in December.
In August 3.49% of SteamVR users were using a Windows MR headset, which we estimate to be around 80,000 people. If they install Windows 11 24H2, their VR headset will effectively become a paperweight.
“Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11 (version 23H2) and do not upgrade to this year’s annual feature update for Windows 11 (version 24H2).”
The death of Windows MR headsets comes on the same week Microsoft revealed that HoloLens 2 production has ended, and that software support for the AR headset will end after 2027.
Despite the name, all Windows MR headsets were actually VR-only, and are compatible with most SteamVR content via Microsoft’s SteamVR driver.
The first Windows MR headsets arrived in late 2017 from Acer, Asus, Dell, HP, Lenovo, and Samsung, aiming to compete with the Oculus Rift and HTC Vive that had launched a year earlier. They were the first consumer VR products to deliver inside-out positional tracking, for both the headset and controllers.
[…]
In recent years Microsoft has shifted its XR focus to a software-based long term strategic partnership with Meta.
Soon, it will also bring automatic extension of Windows 11 laptops by just looking at them, including spawning entirely virtual extra monitors.
And earlier this year Microsoft announced Windows Volumetric Apps, a new API for extending 3D elements of PC applications being streamed to Meta Quest into 3D space.
A real crying shame. So another reason people will hang on to their Windows 10 installations even more. Hopefully (but doubtfully) they will release the source code and allow people to chug on under their own steam. Bricking these headsets in under four years should be illegal.
The Netherlands’ government and opposition are both against the latest version of the controversial EU regulation aimed at detecting online child sexual abuse material (CSAM), according to an official position and an open letter published on Tuesday (1 October).
The regulation, aimed at detecting online CSAM, has been criticised for potentially allowing the scanning of private messages on platforms such as WhatsApp or Gmail.
However, the latest compromise text, dated 9 September, limits detection to known material, among other changes. ‘Known’ material refers to content that has already been circulating and detected, in contrast to ‘new’ material that has not yet been identified.
The Hungarian presidency of the Council of the EU shared a partial general approach dated 24 September and seen by Euractiv, that mirrors the 9 September text but reduces the reevaluation period from five years to three for grooming and new CSAM.
Limiting detection to known material could hinder authorities’ ability to surveil massive amounts of communications, suggesting the change is likely an attempt to reconcile privacy concerns.
The Netherlands initially supported the proposal to limit detection to ‘known’ material but withdrew its support in early September, Euractiv reported.
On Tuesday (1 October), Amsterdam officially took a stance against the general approach, despite speculation last week suggesting the country might shift its position in favour of the regulation.
This is also despite the Dutch mostly maintaining that their primary concern lies with combating known CSAM – a focus that aligns with the scope of the latest proposal.
According to various statistics, the Netherlands hosts a significant amount of CSAM.
The Dutch had been considering supporting the proposal, or at least a “silent abstention” that might have weakened the blocking minority, signalling a shift since Friday (27 September), a source close to the matter told Euractiv.
While a change in the Netherlands’ stance could have affected the blocking minority in the EU Council, their current position now strengthens it.
If the draft law were to pass in the EU Council, the next stage would be interinstitutional negotiations, called trilogues, between the European Parliament, the Council of the EU, and the Commission to finalise the legislation.
Both the Dutch government and the opposition are against supporting the new partial general approach.
Opposition party GroenLinks-PvdA (Greens/EFA) published an open letter, also on Tuesday, backed by a coalition of national and EU-based private and non-profit organisations, urging the government to vote against the proposal.
According to the letter, the regulation will be discussed at the Justice and Home Affairs Council on 11 October, with positions coordinated among member states on 2 October.
Currently, an interim regulation allows companies to detect and report online CSAM voluntarily. Originally set to expire in 2024, this measure has been extended to 2026 to avoid a legislative gap, as the draft for a permanent law has yet to be agreed.
The Dutch Secret Service opposed the draft regulation because “introducing a scan application on every mobile phone” with infrastructure to manage the scans would be a complex and extensive system that would introduce risks to digital resilience, according to a decision note.
Mazda recently surprised customers by requiring them to sign up for a subscription in order to keep certain services. Now, notable right-to-repair advocate Louis Rossmann is calling out the brand. He points to several moves by Mazda as reasons for his anger toward them. However, it turns out that customers might still have a workaround.
Previously, the Japanese carmaker offered connected services, that included several features such as remote start, without the need for a subscription. At the time, the company informed customers that these services would eventually transition to a paid model.
It’s important to clarify that there are two very different types of remote start we’re talking about here. The first type is the one many people are familiar with where you use the key fob to start the vehicle. The second method involves using another device like a smartphone to start the car. In the latter, connected services do the heavy lifting.
Transition to paid services
What is wild is that Mazda used to offer the first option on the fob. Now, it only offers the second kind, where one starts the car via phone through its connected services for a $10 monthly subscription, which comes to $120 a year. Rossmann points out that one individual, Brandon Rorthweiler, developed a workaround in 2023 to enable remote start without Mazda’s subscription fees.
However, according to Ars Technica, Mazda filed a DMCA takedown notice to kill that open-source project. The company claimed it contained code that violated “[Mazda’s] copyright ownership” and used “certain Mazda information, including proprietary API information.” Additionally, Mazda argued that the project included code providing functionality identical to that found in its official apps available on the Apple App Store and Google Play Store.
That doesn’t mean an aftermarket remote starter kit won’t work though. In fact, with Mazda’s subscription model now in place, it’s not hard to imagine customers flocking to aftermarket solutions to avoid the extra fees. However, by not opting to pay for Mazda Connected Services, owners will also miss out on things like vehicle health reports, remote keyless entry, and vehicle status reports.
A growing trend
Bear in mind that this is just one case of an automaker trying to milk their customers with subscription-based features, which could net them millions in extra income. BMW, for example, installs adaptive suspension hardware in some vehicles but charges $27.50 per month (or $505 for a one-time purchase) to unlock the software that makes the suspension actually work.
And then there’s Ferrari’s plan to offer a battery subscription for extended warranty coverage on its hybrid models for a measly $7,500 per year!
[…]
sure, you might have paid a considerable amount of money to buy your car, and it might legally be yours, but that does not ensure that you really own all of the features it comes with, unless you’re prepared to pay extra.
It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many of these third-party ones are so-called re-manufactured ones, where a third-party refills an empty OEM cartridge. This is increasingly being done due to digital rights management (DRM) reasons, with tracking chips added to each cartridge. These chip prohibit e.g. the manual refilling of empty cartridges with a syringe, but with the right tweak or attack can be bypassed, with [Jay Summet] showing off an interesting HP cartridge DRM bypass using a physical man-in-the-middle-attack.
This bypass takes the form of a flex PCB with contacts on both sides which align with those on the cartridge and those of the printer. What looks like a single IC in a QFN package is located on the cartridge side, with space for it created inside an apparently milled indentation in the cartridge’s plastic. This allows is to fit flush between the cartridge and HP inkjet printer, intercepting traffic and presumably telling the printer some sweet lies so that you can go on with that print job rather than dash out to the store to get some more overpriced Genuine HP-approved cartridges.
Not that HP isn’t aware or not ticked off about this, mind. Recently they threatened to brick HP printers that use third-party cartridges if detected, amidst vague handwaving about ‘hackers’ and ‘viruses’ and ‘protecting the users’ with their Dynamic Security DRM system. As the many lawsuits regarding this DRM system trickle their way through the legal system, it might be worth it to keep a monochrome laser printer standing by just in case the (HP) inkjet throws another vague error when all you want is to just print a text document.
One of the many interesting aspects of the current enthusiasm for generative AI is the way that it has electrified the formerly rather sleepy world of copyright. Where before publishers thought they had successfully locked down more or less everything digital with copyright, they now find themselves confronted with deep-pocketed companies – both established ones like Google and Microsoft, and newer ones like OpenAI – that want to overturn the previous norms of using copyright material. In particular, the latter group want to train their AI systems on huge quantities of text, images, videos and sounds.
As Walled Culture has reported, this has led to a spate of lawsuits from the copyright world, desperate to retain their control over digital material. They have framed this as an act of solidarity with the poor exploited creators. It’s a shrewd move, and one that seems to be gaining traction. Lots of writers and artists think they are being robbed of something by Big AI, even though that view is based on a misunderstanding of how generative AI works. However, in the light of stories like one in The Bookseller, they might want to reconsider their views about who exactly is being evil here:
Academic publisher Wiley has revealed it is set to make $44 million (£33 million) from Artificial Intelligence (AI) partnerships that it is not giving authors the opportunity to opt-out from.
As to whether authors would share in that bounty:
A spokesperson confirmed that Wiley authors are set to receive remuneration for the licensing of their work based on their “contractual terms”.
That might mean they get nothing, if there is no explicit clause in their contract about sharing AI licensing income. For example, here’s what is happening with the publisher Taylor & Francis:
In July, authors hit out another academic publisher, Taylor & Francis, the parent company of Routledge, over an AI deal with Microsoft worth $10 million, claiming they were not given the opportunity to opt out and are receiving no extra payment for the use of their research by the tech company. T&F later confirmed it was set to make $75 million from two AI partnership deals.
It’s not just in the world of academic publishing that deals are being struck. Back in July, Forbes reported on a “flurry of AI licensing activity”:
The most active area for individual deals right now by far—judging from publicly known deals—is news and journalism. Over the past year, organizations including Vox Media (parent of New York magazine, The Verge, and Eater), News Corp (Wall Street Journal, New York Post, The Times (London)), Dotdash Meredith (People, Entertainment Weekly, InStyle), Time, The Atlantic, Financial Times, and European giants such as Le Monde of France, Axel Springer of Germany, and Prisa Media of Spain have each made licensing deals with OpenAI.
In the absence of any public promises to pass on some of the money these licensing deals will bring, it is not unreasonable to assume that journalists won’t be seeing much if any of it, just as they aren’t seeing much from the link tax.
The increasing number of such licensing deals between publishers and AI companies shows that the former aren’t really too worried about the latter ingesting huge quantities of material for training their AI systems, provided they get paid. And the fact that there is no sign of this money being passed on in its entirety to the people who actually created that material, also confirms that publishers don’t really care about creators. In other words, it’s pretty much what was the status quo before generative AI came along. For doing nothing, the intermediaries are extracting money from the digital giants by invoking the creators and their copyrights. Those creators do all the work, but once again see little to no benefit from the deals that are being signed behind closed doors.
The Bigscreen Beyond is a small and lightweight VR headset that in part achieves its small size and weight by requiring custom fitting based on a facial scan. [Val’s Virtuals] managed to improve fitment even more by redesigning a facial interface and using a 3D scan of one’s own head to fine-tune the result even further. The new designs distribute weight more evenly while also providing an optional flip-up connection.
It may be true that only a minority of people own a Bigscreen Beyond headset, and even fewer of them are willing to DIY their own custom facial interface. But [Val]’s workflow and directions for using Blender to combine a 3D scan of one’s face with his redesigned parts to create a custom-fitted, foam-lined facial interface is good reading, and worth keeping in mind for anyone who designs wearables that could benefit from custom fitting. It’s all spelled out in the project’s documentation — look for the .txt file among the 3D models.
Replicable and reliable research is essential for cumulative science and its applications in practice. This article examines the quality of research on dishonesty using a sample of 286 hand-coded test statistics from 99 articles. Z-curve analysis indicates a low expected replication rate, a high proportion of missing studies, and an inflated false discovery risk. Test of insufficient variance (TIVA) finds that 11/61 articles with multiple test statistics contain results that are “too-good-to-be-true”. Sensitivity analysis confirms the robustness of the findings. In conclusion, caution is advised when relying on or applying the existing literature on dishonesty.
[…] Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any Internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.
[…]
The web bug they used to hack Kias is, in fact, the second of its kind that they’ve reported to the Hyundai-owned company; they found a similar technique for hijacking Kias’ digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they’ve discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
“The more we’ve looked into this, the more it became very obvious that web security for vehicles is very poor,”
[…]
The Kia hacking technique the group found works by exploiting a relatively simple flaw in the backend of Kia’s web portal for customers and dealers, which is used to set up and manage access to its connected car features. When the researchers sent commands directly to the API of that website—the interface that allows users to interact with its underlying data—they say they found that there was nothing preventing them from accessing the privileges of a Kia dealer, such as assigning or reassigning control of the vehicles’ features to any customer account they created. “It’s really simple. They weren’t checking if a user is a dealer,” says Rivera. “And that’s kind of a big issue.”
Kia’s web portal allowed lookups of cars based on their vehicle identification number (VIN). But the hackers found they could quickly find a car’s VIN after obtaining its license plate number using the website PlateToVin.com.
More broadly, Rivera adds, any dealer using the system seemed to have been trusted with a shocking amount of control over which vehicles’ features were linked with any particular account. “Dealers have way too much power, even over vehicles that don’t touch their lot,” Rivera says.
Like them or not, ads run the world. They’re the reason so much content out there is free of charge—or, at least, less expensive. But while it’s one thing to watch an ad before jumping into a YouTube video, or to see ads surrounding an article, it’s another thing entirely to be forced to see ads even when you’re not engaging with the product.
That, apparently, is what’s going on with LG TVs right now. While anyone with a smart TV may be familiar with seeing more ads throughout their television experience, LG is taking things up a notch” Now, the company is displaying ads during screensavers. I guess leaving your TV idle isn’t “free” anymore.
FlatpanelsHD made the discovery when reviewing LG’s G4 OLED TV. These ads display in full-screen before reverting back to the screensaver you expect to see. FlatpanelsHD saw full-screen ads for LG Channels, LG’s free streaming service that includes ads, but confirmed through LG there can be advertisements from third-party partners as well.
While FlatpanelsHD may have been among the first to see these ads in the wild, they aren’t a secret. In fact, LG Ad Solutions announced the initiative on Sept. 5, in a post titled “Idle Time Isn’t Wasted Time — LG Ad Solutions Finds that Screensaver Ads Are In Fact Effective.” The program even has a name, “Native Screensaver Ads,” and runs across the Home Screen, LG Channels, and Content Store on LG Smart TVs. According to the announcement, Native Screensaver Ads turn “what may be perceived as a period of downtime into a valuable engagement opportunity.” Cool.
[…]
I didn’t buy my LG TV to encourage me to buy stuff: I purposefully watch shows and movies on it (and play the occasional game). It’s insulting to think I want to leave my TV running in the background at all times, and be fine with constant, targeted ads in my space. If you feel the same, the good news is there’s a way to block these ads in the first place.
How to disable LG screensaver ads
If you have an LG smart TV, head to your device’s Settings, then choose Additional Settings. If your TV is affected, you should see a Screen Saver Promotion option. Disable it, and you should be spared from idle encouragements to shop.
The outlet reveals (via Android Authority) that the ads start playing before the screensaver hits the screen and are usually sponsored messages from LG or its partners. The review highlighted one specific ad for the LG Channels app: LG’s free live TV service with ads. FlatpanelsHD adds that according to LG’s ad division, users will soon start seeing ads for other products and services.
The review mentions that “some of the ads” can be disabled, and there’s also an option under ‘Additional Settings’ to disable screensaver ads. But it’s almost sinful to push ads on a $2,400 device.
What makes this whole thing more bizarre is that, according to the review, LG pushes the same ads with the same frequency on its cheaper offerings. Oddly, it does nothing to differentiate the experience of purchasing a high-end model from an entry-level one. The brand’s OLED line is already pricey, but the G4 is allegedly “one of the most expensive TVs on the market,” according to FlatpanelsHD. I can only imagine how this will play out for the South Korean company. As FlatpanelsHD said, “LG must reconsider this strategy if they want to sell high-end TVs.”
[…]A research team at the Department of Energy’s Oak Ridge National Laboratory has created a novel advanced microscopy tool to “write” with atoms, placing those atoms exactly where they are needed to give a material new properties.
“By working at the atomic scale, we also work at the scale where quantum properties naturally emerge and persist,” said Stephen Jesse, a materials scientist who leads this research and heads the Nanomaterials Characterizations section at ORNL’s Center for Nanophase Materials Sciences, or CNMS.
The synthescope will advance the state of the art in fabrication down to the level of the individual building blocks of materials. This new approach allows researchers to place different atoms into a material at specific locations; the new atoms and their locations can be selected to give the material new properties.
We realized that if we have a microscope that can resolve atoms, we may be able to use the same microscope to move atoms or alter materials with atomic precision. We also want to be able to add atoms to the structures we create, so we need a supply of atoms. The idea morphed into an atomic-scale synthesis platform—the synthescope.”
That is important because the ability to tailor materials atom-by-atom can be applied to many future technological applications in quantum information science, and more broadly in microelectronics and catalysis, and for gaining a deeper understanding of materials synthesis processes. This work could facilitate atomic-scale manufacturing, which is notoriously challenging.
“Simply by the fact that we can now start putting atoms where we want, we can think about creating arrays of atoms that are precisely positioned close enough together that they can entangle, and therefore share their quantum properties, which is key to making quantum devices more powerful than conventional ones,” Dyck said.
Such devices might include quantum computers—a proposed next generation of computers that may vastly outpace today’s fastest supercomputers; quantum sensors; and quantum communication devices that require a source of a single photon to create a secure quantum communications system.
“We are not just moving atoms around,” Jesse said. “We show that we can add a variety of atoms to a material that were not previously there and put them where we want them. Currently there is no technology that allows you to place different elements exactly where you want to place them and have the right bonding and structure. With this technology, we could build structures from the atom up, designed for their electronic, optical, chemical or structural properties.”
The scientists, who are part of the CNMS, a nanoscience research center and DOE Office of Science user facility, detailed their research and their vision in a series of four papers in scientific journals over the course of a year, starting with proof of principle that the synthescope could be realized. They have applied for a patent on the technology.
“With these papers, we are redirecting what atomic-scale fabrication will look like using electron beams,” Dyck said. “Together these manuscripts outline what we believe will be the direction atomic fabrication technology will take in the near future and the change in conceptualization that is needed to advance the field.”
By using an electron beam, or e-beam, to remove and deposit the atoms, the ORNL scientists could accomplish a direct writing procedure at the atomic level.
“The process is remarkably intuitive,” said ORNL’s Andrew Lupini, STEM group leader and a member of the research team. “STEMs work by transmitting a high-energy e-beam through a material. The e-beam is focused to a point smaller than the distance between atoms and scans across the material to create an image with atomic resolution. However, STEMs are notorious for damaging the very materials they are imaging.”
The scientists realized they could exploit this destructive “bug” and instead use it as a constructive feature and create holes on purpose. Then, they can put whatever atom they want in that hole, exactly where they made the defect. By purposely damaging the material, they create a new material with different and useful properties.
[…]
To demonstrate the method, the researchers moved an e-beam back and forth over a graphene lattice, creating minuscule holes. They inserted tin atoms into those holes and achieved a continuous, atom-by-atom, direct writing process, thereby populating the exact same places where the carbon atom had been with tin atoms.
With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm — one that’s designed to bridge the open and proprietary worlds, replete with new definition, terminology, and governance model.
Developer software company Sentry recently introduced a new license category dubbed “fair source.” Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub’s founders
The fair source concept is designed to help companies align themselves with the “open” software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with “proprietary.”
However, fair source is also a response to the growing sense that open source isn’t working out commercially.
“Open source isn’t a business model — open source is a distribution model, it’s a software development model, primarily,” Chad Whitacre, Sentry’s head of open source, told TechCrunch. “And in fact, it places severe limits on what business models are available, because of the licensing terms.”
[…]
Sentry, an app performance monitoring platform that helps companies such as Microsoft and Disney detect and diagnose buggy software, was initially available under a permissive BSD 3-Clause open source license. But in 2019, the product transitioned to a business source license (BUSL), a more restrictive source-available license initially created by MariaDB. This move was to counter what co-founder and CTO David Cramer called “funded businesses plagiarizing or copying our work to directly compete with Sentry.”
Fast forward to last August, and Sentry announced that it was making a recently acquired developer tool called Codecov “open source.” This was to the chagrin of many, who questioned whether the company could really call it “open source” given that it was being released under BUSL — a license that isn’t compatible with the Open Source Initiative’s (OSI) definition of “open source.”
Cramer swiftly issued an apology of sorts, explaining that while it had erroneously used the descriptor, the BUSL license adheres to the spirit of what many open source licenses are about: Users can self-host and modify the code without paying the creator a dime. They just can’t commercialize the product as a competing service.
But BUSL isn’t open source.
“We sort of stuck our foot in it, stirred the hornet’s next,” Whitacre said. “But it was during the debate that followed where we realized that we need a new term. Because we’re not closed source, and clearly, the community does not accept that we’re open source. And we’re not open core, either.”
Those who follow the open source world know that terminology is everything, and Sentry is far from the first company to fall in its (mis)use of the established nomenclature.
[…]
For now, the main recommended fair source license is the Functional Source License (FSL), which Sentry itself launched last year as a simpler alternative to BUSL. However, BUSL itself has also now been designated fair source, as has the all-new Fair Core License (FCL) which was contributed by Keygen, both of which are included to support the needs of different projects.
Companies are welcome to submit their own license for consideration, though all fair source licenses should have three core stipulations: It [the code] should be publicly available to read; allow third parties to use, modify, and redistribute with “minimal restrictions“; and have a delayed open source publication (DOSP) stipulation, meaning it converts to a true open source license after a predefined period of time. With Sentry’s FSL license, that period is two years; for BUSL, the default period is four years.
The concept of “delaying” publication of source code under a true open source license is a key defining element of a fair source license, separating it from other models such as open core. The DOSP protects a company’s commercial interests in the short term, before the code becomes fully open source.
[…]
In many ways, fair source is simply an exercise in branding — one that allows companies to cherry-pick parts of an established open source ethos that they cherish, while getting to avoid calling themselves “proprietary” or some other variant.
The new programme of the Dutch cabinet under Prime Minister Dick Schoof reflects the tough migration stance promised during the election campaign, outlining a comprehensive plan to radically reform the country’s asylum system and push for an opt-out from EU migration policies.
The Schoof cabinet’s plans for the upcoming term were unveiled today (13 September).
The government’s newly published programme builds on the key agreements reached earlier this year after extensive negotiations between the former Liberal Party for Freedom and Democracy (VVD), led by the successor to former prime minister Mark Rutte, Wilders’ Freedom Party (PVV), New Social Contract (NSC) party and Citizen-Farmer Movement.
The programme echoes the hardline stance on migration that dominated the campaign rhetoric and outlines a broad package of measures aimed at radically reforming the asylum system, citing “pressure on housing, healthcare, and education” as threats to social cohesion and safety.
“We must change direction and cut the influx immediately. That’s why I’m introducing the strictest asylum policy ever,” said the Minister of Asylum and Migration from the far-right populist PVV Marjolein Faber on X just before the programme’s release.
A key element of the strategy focuses on action at the European level, including reforms to regulations and international treaties, as the government plans to take the issue to Brussels “as soon as possible” to achieve “an opt-out from European asylum and migration regulations.”
At last week’s Ambrosetti Forum in Cernobbio, PVV leader Geert Wilders reiterated his call for EU countries to have an opt-out option on immigration and asylum policies.
Last week, Minister Faber announced in her debut parliamentary debate that the cabinet intends to declare the asylum crisis an emergency – bypassing parliamentary approval – to swiftly enact measures to cut the migrant influx.
The programme addresses the asylum crisis, including a new Asylum Crisis Law as part of its structural reforms, as well as a redefinition of the nuclear family to restrict family reunification.
It also mentions the scrapping of indefinite asylum permits, allowing periodic reviews to determine if protection is still needed or if individuals can be returned to their home countries.
Following last November’s national election, which was prompted by the collapse of the fourth Rutte cabinet over immigration policy disputes, Geert Wilders’s far-right party PVV emerged victorious. Securing a landslide victory with 37 seats, PVV became the largest party in the Dutch parliament.
However, despite winning the election, Wilders opted not to personally join the government. Instead, Dick Schoof, an unelected career bureaucrat who previously headed the Dutch intelligence agency AIVD and served as a top official at the Ministry of Justice, was appointed prime minister by the King last July.
A Texas telecommunications startup launched its first five massive “BlueBird” communications satellites into orbit on September 12. Each device is nearly 700-feet-wide when fully deployed, and like BlueWalker 3—AST SpaceMobile’s 2022 prototype, also in orbit—every BlueBird will soon shine brighter than most stars and planets in the night sky. But despite the concerns of critics and experts alike, the company’s CEO vows they are “just getting started.”
Founded in 2017, AST SpaceMobile is currently working with AT&T to construct the world’s first space-based cellular broadband network. In a statement on Thursday, AT&T Chief Operating Officer Jeff McElfresh said it’s all part of a plan to offer “a future where our customers will only be hard to reach if they choose to be.” AST SpaceMobile successfully delivered its BlueWalker 3 prototype into low-Earth orbit (LEO) in September 2022, and demonstrated it by allowing a smartphone to make a voice call the following September. Less than a month after the milestone, an international study published in Nature confirmed BlueWalker 3’s peak brightness matched that of Procyon and Achernar, two of the ten brightest stars in the night sky. Subsequent observations recorded even higher magnitudes similar to the stars that make up the constellation of Orion.
Each of the five BlueBirds now in orbit are roughly the same size as BlueWalker 3, meaning they will soon offer similar experiences for sky observers—sometimes visible even to the naked eye. But to achieve a reliable, high speed, and commercially viable satellite broadband network, AST SpaceMobile says it will need to deploy a constellation of nearly 90 satellites.
During a livestream of Thursday’s launch, company founder, chairman, and CEO Abel Avellan said many future satellite iterations will be “three-and-a-half-times larger” than the current BlueBirds. Such a scaling up would make each new, fully deployed device around 2425-square-feet in diameter, or about half the size of a regulation NBA basketball court. As Gizmodo noted on September 13, there are currently no legal restrictions for satellite brightness.
Gigantic satellite constellation arrays are growing at a rate that eclipses both regulatory oversight and experts’ concerns. Shortly after BlueWalker 3’s launch in 2022, the committee speaking on behalf of the International Astronomical Union uniformly denounced its delivery, describing it as “a big shift in the constellation satellite issue [that] should give us all reason to pause.”
AST SpaceMobile is far from the only company pursuing similar projects. SpaceX’s ongoing Starlink internet endeavor intends to eventually include as many as 7,000 satellites in orbit, in spite of its own share of public criticism. Meanwhile, advocates continue to stress the dangers of orbital pollution from decommissioned satellites and debris, often referred to as “space junk.” Without proper oversight and cleanup efforts, experts have repeatedly warned of the possibility of initiating a “Kessler cascade.” In these scenarios, the untenable amount of human-made objects leads to ever-increasing collisions, causing debris to deorbit and pose a danger to anything in its path.
In a statement provided to Popular Science, a spokesperson said that “AST SpaceMobile is committed to the responsible use of space as we advance our goal of using space-based, satellite technology to connect directly with everyday smartphones and help bring broadband to billions of people worldwide who do not have access today.”
Scientists have recorded electrical activity in the brains of awake cats for the first time, thanks to specially crocheted wool caps that hold the electrodes in place.
The technique gives researchers a way to assess chronic pain in cats and could lead to novel treatments, says Aude Castel at the University of Montreal in Canada.
About a quarter of all adult cats live with chronic pain due to osteoarthritis, which gets worse with age. Because treatment options are limited and generally involve significant side effects, Castel and her colleagues have been seeking alternative ways to relieve pain in cats, such as aromatherapy.
Electroencephalograms (EEGs) can be helpful in assessing the effects of such treatments because they can show the brain’s responses to pain and to stimulation of the senses. Thus far, though, the only EEGs carried out in cats have been performed in sedated animals.
Castel and her colleagues attempted to place electrodes on the heads of 11 awake, adult cats – all of which had osteoarthritis – in order to record their brain activity in response to smelling a variety of substances and seeing different wavelengths of light. However, the cats regularly shook their heads, causing the electrodes to shift out of place or fall off. Finally, the researchers realised they could take advantage of a new fashion for cats: crocheted caps.
“When you spend more time putting electrodes back on than you do actually recording the EEGs, you get creative,” says team member Aliénor Delsart, also at the University of Montreal.
The team asked a graduate student to crochet special cat caps to hold the electrodes, inspired by a tutorial on YouTube. With the new hats in place, the researchers found that the electrodes stayed in position and that the cats no longer tried to play with or chew the wires.
The EEG recordings in the awake cats were mostly usable, although a few still had too much interference from the cats’ head movements. Even so, the results allowed the team to determine critical brain activity related to the cats’ pain levels and reactions to various smells and coloured lighting.
As such, the team plans to use the EEG caps in future studies to determine how various treatments – including drugs and alternative therapies like odours and lighting – affect the cats’ perception of pain, says Delsart.
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server.
Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.
Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet’s Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.
[…]
The threat actor, known as “Fortibitch,” claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.
In response to our questions about incident, Fortinet confirmed that customer data was stolen from a “third-party cloud-based shared file drive.”
[…]
Earlier today, Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it “communicated directly with customers as appropriate.”
A later update shared on Fortinet’s website says that the incident affected less than 0.3% of its customer base and that it has not resulted in any malicious activity targeting customers.
[…]
In May 2023, a threat actor claimed to have breached the GitHub repositories for the company Panopta, who was acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.
Today, a group of six computer scientists are revealing a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes.
“Based on the direction of the eye movement, the hacker can determine which key the victim is now typing,” says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.
To be clear, the researchers did not gain access to Apple’s headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime.
Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.
Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.
Dozens of variants
Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections.
“At the moment, the source of the TV boxes’ backdoor infection remains unknown,” Thursday’s post stated. “One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access.”
The following device models infected by Vo1d are:
TV box model
Declared firmware version
R4
Android 7.1.2; R4 Build/NHG47K
TV BOX
Android 12.1; TV BOX Build/NHG47K
KJ-SMART4KVIP
Android 10.1; KJ-SMART4KVIP Build/NHG47K
One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What’s more, Doctor Web said it’s not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models.
Further, while only licensed device makers are permitted to modify Google’s AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.
[…]
The statement said people can confirm a device runs Android TV OS by checking this link and following the steps listed here.
[…]
It’s not especially easy for less experienced people to check if a device is infected short of installing malware scanners. Doctor Web said its antivirus software for Android will detect all Vo1d variants and disinfect devices that provide root access. More experienced users can check indicators of compromise here.
Installed DSM 7.2.2-72806 on my DS1821+. The update automatically updated Surveillance Station to 9.2.1-11374.
When updating I received the following notice:
Surveillance Station will automatically install the Surveillance Video Extension package. After this update, the Live View Analytics app will no longer be supported. The support for HEVC (H.265) cameras will undergo the following changes, while AVC (H.264) cameras will remain unaffected: Unsupported features:
Motion detection by Surveillance Station
Continuing to take snapshots after events for email notifications
Adjusted mechanisms:
Event snapshot
Thumbnails (e.g., thumbnails for IP cameras, detection results, timeline preview)
There was also a warning stating:
DS cam Android 3.10.0 or above, iOS 5.9.0 or above:
H.265 camera streams might not be able to play:
If any issues occur with live streaming or video playback, consider changing the camera’s video format to H.264 or using a mobile device that supports H.265 format.
Once the update was finished and I opened Surveillance Station I received this warning:
Some H.265 cameras’s motion detection has been reconfigured or disabled. In this update, Surveillance Station no longer supports H.265 cameras to configure motion detection using Surveillance Station ‘s algorithms. The motion detection setting is automatically switched to using camera’s built-in algorithm if available. Otherwise, the motion detection is disabled. The related functions (e.g., recording schedule, notification, alarm, and action rule) will also be affected.
Testing Surveillance Station in Chrome it is completely broken. There are no previews for my cameras, recordings can’t be played back, etc. This all worked before the update, although I normally use the client. https://imgur.com/a/47m5ukO
Using the Surveillance Station Client on my Mac, there are almost no changes. The camera previews work, hovering over the timeline in monitor center displays a preview, recordings can be played back, smart time-lapse recording in h265 works, etc. https://imgur.com/a/RBVM2ET
Under the camera settings, I can still set a recording schedule, the only thing that was removed is the option to use the Synology detection algorithm under Event Detection. Advanced Event (Smart Event) settings still work. https://imgur.com/a/TFoKvJk
In Monitor Center all previous events from before the update are missing (I can’t jump to the last motion event), but the files themselves are still there in recordings. https://imgur.com/a/PJHBVd3
The iOS app still works fine with no issues.
Ultimately the only change for me is that I now have to configure event detection by logging into each camera recording in h265, everything else is the same as before.
Cameras I tested with are Hikvision DS-2CD2385G1-I recording in h265+ and Reolink E1 Pros.
In this week’s Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.
The vulnerability, CVE-2024-38014, was spotted and privately disclosed by security shop SEC Consult, which has now shared the full details of how this attack works. The researcher has released an open source tool to scan a system for Installer files that can be abused to elevate local privileges.
Microsoft said the bug is already exploited, which may mean it acknowledges that SEC Consult’s exploit for the flaw works, or that bad people are abusing this in the wild, or both
[…]
SECC researcher Michael Baer found the exploitable weakness in January. Fixing it turned out to be a complex task and Microsoft asked for more time to address it with a patch, which it implemented this week. The original plan was to close the hole in May, but that slipped to this September for technical reasons. Now Baer has written a blog post explaining exactly how the attack works.
Essentially, a low privileged user opens an Installer package to repair some already-installed code on a vulnerable Windows system. The user does this by running an .msi file for a program, launching the Installer to handle it, and then selecting the option to repair the program (eg, like this). There is a brief opportunity to hijack that repair process, which runs with full SYSTEM rights, and gain those privileges, giving much more control over the PC.
When the repair process begins, a black command-line window opens up briefly to run a Windows program called certutil.exe. Quickly right clicking on the window’s top bar and selecting “Properties” will stop the program from disappearing and open a dialog box in which the user can click on a web link labeled “legacy console mode.” The OS will then prompt the user to open a browser to handle that link. Select Firefox, ideally, to handle that request.
Then in the browser, press Control-O to open a file, type cmd.exe in the top address bar of the dialog box, hit Enter, and bam – you’ve got a command prompt as SYSTEM. That’s because the Installer spawned the browser with those rights from that link.
Ever wish Windows worked just a little bit differently? You’re not alone. Windhawk is a free and open source application offering dozens of community curated “mods” for Windows and Windows applications. It’s the simplest tool for customizing Windows that I’ve come across.
The application, which you can download for free, gives you a sort of app store for Windows mods. You can browse the mods online, too, if you’re curious. I found customizations that can do things you’d otherwise need dedicated software for—everything from replacing the Windows 11 start menu with an older version, to adding the labels back to taskbar icons. Basically, if you’ve got an itch to change something about how Windows works, there’s a good chance Windhawk can scratch it.
When you open Windhawk, you’ll be presented with the mod marketplace. From here you can browse and install mods in a couple of clicks.
Credit: Justin Pot
You will be warned to think critically every time you go to install a mod. There will also be a link to the Github page for the mod creator, which means you look into the script if you’re worried. This caution is appreciated—you should always think critically before installing mods like this.
Credit: Justin Pot
After installing a mode you can configure it within the application—just check the “Settings” section for the mod. For example, if you’ve decided to change the look for the Windows taskbar, you can select which theme you want.
Credit: Justin Pot
Here are a few of my favorite mods I’ve found (so far) to get you started:
Taskbar height and icon size lets you slim down the chonky taskbar back to the height it was in the glory days of Windows 2000.
Windows 11 start menu styler lets you replace the cluttered start menu with something more streamlined, or with a start menu you remember from previous version of Windows.
Taskbar clock customization lets you changes what information does and doesn’t show up in the taskbar clock, formatting that however you like and even including headlines from an RSS feed if you want.
Taskbar volume control makes it easier to adjust the volume—put your mouse anywhere on the taskbar and scroll up and down. Simple.
Disable grouping on the taskbar means every window you have open has its own taskbar icon, even multiple windows in the same app.
I could spend all day talking about the different things this application can do, but the real fun comes from exploring and tweaking until everything works just the way you want it. My recommendation: dive in.
The commission said at the time that Google had favored its own shopping comparison service over those of its rivals.
Google appealed the decision with the General Court, the EU’s second-highest court, which also upheld the fine. Google then brought the case before the European Court of Justice, the EU’s top court.
The ECJ on Tuesday dismissed the appeal and upheld the commission’s fine.
Apple will be required to pay $14 billion in back taxes to Ireland after Europe’s top court released a new ruling on Tuesday, according to a report from the Financial Times. Apple CEO Tim Cook has previously called the case “total political crap” but the judgment is final and Apple will not be able to appeal.
The European Commission’s executive vice president, Margrethe Vestager, first brought the case against Apple alleging that Ireland had given the tech company a deal that “constituted illegal State aid,” by waiving so much in taxes. Apple is now on the hook to pay those taxes, which have been sitting in an escrow account for the past six years, according to the Financial Times. Oddly enough, the original €14.3 billion set aside has fallen in value after first being set aside in 2018 because it was invested in European government bonds.
Someday soon, if Ford has its way, drivers and passengers may be bombarded with infotainment ads tailored to their personal and vehicle data.
This sure-to-please-everyone idea comes via a patent application [PDF] filed by Ford Global Technologies late last month that proposes displaying ads to drivers based on their destination, route, who’s in the car, and various other data points able to be collected by modern vehicles.
According to the patent application, infotainment advertising could be varied depending on the situation and user feedback. In one example, Ford supposes showing a visual ad to passengers every 10 minutes while on the highway, and if someone responds positively to audio ads, the system could ramp up the frequency, playing audio ads every five minutes.
Of course, simply playing more ads might frustrate people, which Ford seems to understand because the pending patent notes it would have to account for “a user’s natural inclination to seek minimal or no ads.”
In order to assure advertisers that user preference is ultimately circumvented, Ford said its proposed infotainment system would be designed to “intelligently schedule variable durations of ads, with playing time seeking to maximize company revenue while minimizing the impact on user experience.”
The system would also be able to listen to conversations so it could serve ads during lulls in chatter, ostensibly to be less intrusive while being anything but.
Given the rush by some automakers to turning their vehicles into subscription-based cars-as-a-service, egged on by the chip world, we’re not surprised by efforts to wring more money out of motorists, this time with adverts. We assume patent filings similar to Ford’s have been made.
Trust us!
Then there’s the fact that automakers aren’t terrific on privacy and safeguarding the kinds of info that are used to tailor ads. In September last year, Mozilla published a report on the privacy policies of several automakers whose connected vehicles harvest information about owners, finding that 25 major manufacturers – Ford among them – failed to live up to the Firefox maker’s standards.
Just a couple of months later, a Washington state appeals court ruled it was perfectly legal for vehicles to harvest text and call data from connected smartphones and store it all in memory.
US senators have urged the FTC to investigate several car makers for allegedly selling customer data unlawfully, though we note Ford is not among the companies accused in that matter.
That said, the patent application makes no mention of how the automaker would protect user data used to serve in-vehicle ads. A couple of other potentially privacy-infringing Ford patents from the past year are worth mentioning, too.
The ideas within a patent application should not be viewed as an indication of our product plans
In 2023, Ford filed a patent application for an embedded vehicle system that would automate vehicle repossession if car payments weren’t made. Over the summer, another application describes a system where vehicles monitor each other’s speeds, and if one detects a nearby car speeding, it could snap photos using onboard cameras and send the images, along with speed data, directly to police or roadside monitors. Neither have privacy advocates thrilled.
Bear in mind neither of those patents may ever see the production, and this advertising one might not make it past the “let’s file this patent before the competition just in case” stage of life, either. That’s even what Ford essentially told us.
“Submitting patent applications is a normal part of any strong business as the process protects new ideas and helps us build a robust portfolio of intellectual property,” a Ford spokesperson told The Register. “The ideas described within a patent application should not be viewed as an indication of our business or product plans.”
Ford also said it always puts customers first in development of new products and services, though didn’t directly answer questions about a lack of privacy assurances in the patent application. In any case, it may not actually happen. Until it does.
Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven’t already, after the company detected an intrusion dating back nearly a year.
Slim CD provides payment processing solutions, thus credit card numbers along with their expiry dates are among the data types potentially compromised in the incident.
The cardholder’s name and address may also be affected, meaning potential for financial fraud should that data be sold, although Slim CD says it hasn’t detected any misuse of the data.
[…]
Among the questions we put to the company was why it took so long for the break-in to be detected, and whether it believed there were any failures in its ability to detect such incidents.
A postmortem carried out by the company and third-party experts revealed that the intrusion began on August 17, 2023, but was only discovered “on or about” June 15 this year.
[…]
There was no apology in the letter [PDF] sent to the 1.693 million potentially affected customers, who were instead encouraged to order a free credit report and remain vigilant against any malicious account activity.
