"Today's most effective corporate lobbying no longer involves wooing members of Congress..." writes the Wall Street Journal. Instead the lobbying sector "now works in secret to influence lawmakers with the help of an unlikely ally: you." [Lobbyists] teamed up with PR gurus, social-media experts, political pollsters, data analysts and grassroots organizers to foment seemingly organic public outcries designed to pressure lawmakers and compel them to take actions that would benefit the lobbyists' corporate clients...

By the middle of 2011, an army of lobbyists working for the pillars of the corporate lobbying establishment — the major movie studios, the music industry, pharmaceutical manufacturers and the U.S. Chamber of Commerce — were executing a nearly $100 million campaign to win approval for the internet bill [the PROTECT IP Act, or "PIPA"]. They pressured scores of lawmakers to co-sponsor the legislation. At one point, 99 of the 100 members of the U.S. Senate appeared ready to support it — an astounding number, given that most bills have just a handful of co-sponsors before they are called up for a vote. When lobbyists for Google and its allies went to Capitol Hill, they made little headway. Against such well-financed and influential opponents, the futility of the traditional lobbying approach became clear. If tech companies were going to turn back the anti-piracy bills, they would need to find another way.

It was around this time that one of Google's Washington strategists suggested an alternative strategy. "Let's rally our users," Adam Kovacevich, then 34 and a senior member of Google's Washington office, told colleagues. Kovacevich turned Google's opposition to the anti-piracy legislation into a coast-to-coast political influence effort with all the bells and whistles of a presidential campaign. The goal: to whip up enough opposition to the legislation among ordinary Americans that Congress would be forced to abandon the effort... The campaign slogan they settled on — "Don't Kill the Internet" — exaggerated the likely impact of the bill, but it succeeded in stirring apprehension among web users.

The coup de grace came on Jan. 18, 2012, when Google and its allies pulled off the mother of all outside influence campaigns. When users logged on to the web that day, they discovered, to their great frustration, that many of the sites they'd come to rely on — Wikipedia, Reddit, Craigslist — were either blacked out or displayed text outlining the detrimental impacts of the proposed legislation. For its part, Google inserted a black censorship bar over its multicolored logo and posted a tool that enabled users to contact their elected representatives. "Tell Congress: Please don't censor the web!" a message on Google's home page read. With some 115,000 websites taking part, the protest achieved a staggering reach. Tens of millions of people visited Wikipedia's blacked-out website, 4.5 million users signed a Google petition opposing the legislation, and more than 2.4 million people took to Twitter to express their views on the bills. "We must stop [these bills] to keep the web open & free," the reality TV star Kim Kardashian wrote in a tweet to her 10 million followers...

Within two days, the legislation was dead...

Over the following decade, outside influence tactics would become the cornerstone of Washington's lobbying industry — and they remain so today.
"The 2012 effort is considered the most successful consumer mobilization in the history of internet policy," writes the Washington Post — agreeing that it's since spawned more app-based, crowdsourced lobbying campaigns. Sites like Airbnb "have also repeatedly asked their users to oppose city government restrictions on the apps." Uber, Lyft, DoorDash and other gig work companies also blitzed the apps' users with scenarios of higher prices or suspended service unless people voted for a 2020 California ballot measure on contract workers. Voters approved it."

The Wall Street Journal also details how lobbyists successfully killed higher taxes for tobacco products, the oil-and-gas industry, and even on private-equity investors — and note similar tactics were used against a bill targeting TikTok. "Some say the campaign backfired. Lawmakers complained that the effort showed how the Chinese government could co-opt internet users to do their bidding in the U.S., and the House of Representatives voted to ban the app if its owners did not agree to sell it.

"TikTok's lobbyists said they were pleased with the effort. They persuaded 65 members of the House to vote in favor of the company and are confident that the Senate will block the effort."

The Journal's article was adapted from an upcoming book titled "The Wolves of K Street: The Secret History of How Big Money Took Over Big Government." But the Washington Post argues the phenomenon raises two questions. "How much do you want technology companies to turn you into their lobbyists? And what's in it for you?"

An anonymous reader quotes a report from Ars Technica: On Wednesday, the IEEE Computer Society announced to members that, after April 1, it would no longer accept papers that include a frequently used image of a 1972 Playboy model named Lena Forsen. The so-called "Lenna image," (Forsen added an extra "n" to her name in her Playboy appearance to aid pronunciation) has been used in image processing research since 1973 and has attracted criticism for making some women feel unwelcome in the field. In an email from the IEEE Computer Society sent to members on Wednesday, Technical & Conference Activities Vice President Terry Benzel wrote, "IEEE's diversity statement and supporting policies such as the IEEE Code of Ethics speak to IEEE's commitment to promoting an including and equitable culture that welcomes all. In alignment with this culture and with respect to the wishes of the subject of the image, Lena Forsen, IEEE will no longer accept submitted papers which include the 'Lena image.'"

An uncropped version of the 512×512-pixel test image originally appeared as the centerfold picture for the December 1972 issue of Playboy Magazine. Usage of the Lenna image in image processing began in June or July 1973 (PDF) when an assistant professor named Alexander Sawchuck and a graduate student at the University of Southern California Signal and Image Processing Institute scanned a square portion of the centerfold image with a primitive drum scanner, omitting nudity present in the original image. They scanned it for a colleague's conference paper, and after that, others began to use the image as well. The image's use spread in other papers throughout the 1970s, 80s, and 90s, and it caught Playboy's attention, but the company decided to overlook the copyright violations. In 1997, Playboy helped track down Forsén, who appeared at the 50th Annual Conference of the Society for Imaging Science in Technology, signing autographs for fans. "They must be so tired of me ... looking at the same picture for all these years!" she said at the time. VP of new media at Playboy Eileen Kent told Wired, "We decided we should exploit this, because it is a phenomenon."

The image, which features Forsen's face and bare shoulder as she wears a hat with a purple feather, was reportedly ideal for testing image processing systems in the early years of digital image technology due to its high contrast and varied detail. It is also a sexually suggestive photo of an attractive woman, and its use by men in the computer field has garnered criticism over the decades, especially from female scientists and engineers who felt that the image (especially related to its association with the Playboy brand) objectified women and created an academic climate where they did not feel entirely welcome. Due to some of this criticism, which dates back to at least 1996, the journal Nature banned the use of the Lena image in paper submissions in 2018.

Victoria Song reports via The Verge: When Gmail launched with a goofy press release 20 years ago next week, many assumed it was a hoax. The service promised a gargantuan 1 gigabyte of storage, an excessive quantity in an era of 15-megabyte inboxes. It claimed to be completely free at a time when many inboxes were paid. And then there was the date: the service was announced on April Fools' Day, portending some kind of prank. But soon, invites to Gmail's very real beta started going out -- and they became a must-have for a certain kind of in-the-know tech fan. At my nerdy high school, having one was your fastest ticket to the cool kids' table. I remember trying to track one down for myself. I didn't know whether I actually needed Gmail, just that all my classmates said Gmail would change my life forever.

Teenagers are notoriously dramatic, but Gmail did revolutionize email. It reimagined what our inboxes were capable of and became a central part of our online identities. The service now has an estimated 1.2 billion users -- about 1/7 of the global population -- and these days, it's a practical necessity to do anything online. It often feels like Gmail has always been here and always will be. But 20 years later, I don't know anyone who's champing at the bit to open up Gmail. Managing your inbox is often a chore, and other messaging apps like Slack and WhatsApp have come to dominate how we communicate online. What was once a game-changing tool sometimes feels like it's been sidelined. In another 20 years, will Gmail still be this central to our lives? Or will it -- and email -- be a thing of the past?

Tobias Mann reports via The Register: Cloud server provider Vultr has rapidly revised its terms-of-service after netizens raised the alarm over broad clauses that demanded the "perpetual, irrevocable, royalty-free" rights to customer "content." The red tape was updated in January, as captured by the Internet Archive, and this month users were asked to agree to the changes by a pop-up that appeared when using their web-based Vultr control panel. That prompted folks to look through the terms, and there they found clauses granting the US outfit a "worldwide license ... to use, reproduce, process, adapt ... modify, prepare derivative works, publish, transmit, and distribute" user content.

It turned out these demands have been in place since before the January update; customers have only just noticed them now. Given Vultr hosts servers and storage in the cloud for its subscribers, some feared the biz was giving itself way too much ownership over their stuff, all in this age of AI training data being put up for sale by platforms. In response to online outcry, largely stemming from Reddit, Vultr in the past few hours rewrote its ToS to delete those asserted content rights. CEO J.J. Kardwell told The Register earlier today it's a case of standard legal boilerplate being taken out of context. The clauses were supposed to apply to customer forum posts, rather than private server content, and while, yes, the terms make more sense with that in mind, one might argue the legalese was overly broad in any case.

"We do not use user data," Kardwell stressed to us. "We never have, and we never will. We take privacy and security very seriously. It's at the core of what we do globally." [...] According to Kardwell, the content clauses are entirely separate to user data deployed in its cloud, and are more aimed at one's use of the Vultr website, emphasizing the last line of the relevant fine print: "... for purposes of providing the services to you." He also pointed out that the wording has been that way for some time, and added the prompt asking users to agree to an updated ToS was actually spurred by unrelated Microsoft licensing changes. In light of the controversy, Vultr vowed to remove the above section to "simplify and further clarify" its ToS, and has indeed done so. In a separate statement, the biz told The Register the removal will be followed by a full review and update to its terms of service. "It's clearly causing confusion for some portion of users. We recognize that the average user doesn't have a law degree," Kardwell added. "We're very focused on being responsive to the community and the concerns people have and we believe the strongest thing we can do to demonstrate that there is no bad intent here is to remove it."

The Register: Cloudflare has revealed a little about how it maintains the millions of boxes it operates around the world -- including the concept of an "error budget" that enacts "empathy embedded in automation." In a Tuesday post titled "Autonomous hardware diagnostics and recovery at scale," the internet-taming biz explains that it built fault-tolerant infrastructure that can continue operating with "little to no impact" on its services. But as explained by infrastructure engineering tech lead Jet Marsical and systems engineers Aakash Shah and Yilin Xiong, when servers did break the Data Center Operations team relied on manual processes to identify dead boxes. And those processes could take "hours for a single server alone, and [could] easily consume an engineer's entire day."

Which does not work at hyperscale. Worse, dead servers would sometimes remain powered on, costing Cloudflare money without producing anything of value. Enter Phoenix -- a tool Cloudflare created to detect broken servers and automatically initiate workflows to get them fixed. Phoenix makes a "discovery run" every thirty minutes, during which it probes up to two datacenters known to house broken boxen. That pace of discovery means Phoenix can find dead machines across Cloudflare's network in no more than three days. If it spots machines already listed for repairs, it "takes care of ensuring that the Recovery phase is executed immediately."

An anonymous reader quotes a report from The Verge, written by Nilay Patel: Today, I'm talking to Jay Graber, the CEO of Bluesky Social, which is a decentralized competitor to Twitter, er, X. Bluesky actually started inside of what was then known as Twitter — it was a project from then-CEO Jack Dorsey, who spent his days wandering the earth and saying things like Twitter should be a protocol and not a company. Bluesky was supposed to be that protocol, but Jack spun it out of Twitter in 2021, just before Elon Musk bought the company and renamed it X. Bluesky is now an independent company with a few dozen employees, and it finds itself in the middle of one of the most chaotic moments in the history of social media. There are a lot of companies and ideas competing for space on the post-Twitter internet, and Jay makes a convincing argument that decentralization -- the idea that you should be able to take your username and following to different servers as you wish -- is the future. It's a powerful concept that's been kicking around for a long time, but now it feels closer to reality than ever before. You've heard us talk about it a lot on Decoder: the core idea is that no single company -- or individual billionaire -- can amass too much power and control over our social networks and the conversations that happen on them.

Bluesky's approach to this is something called the AT Protocol, which powers Bluesky's own platform but which is also a technology that anyone can use right now to host their own servers and, eventually, interoperate with a bunch of other networks. You'll hear Jay explain how building Bluesky the product alongside AT Protocol the protocol has created a cooperate-compete dynamic that runs throughout the entire company and that also informs how it's building products and features -- not only for its own service but also for developers to build on top of. Jay and I also talked about the growth of the Bluesky app, which now has more than 5 million users, and how so many of the company's early decisions around product design and moderation have shaped the type of organic culture that's taken hold there. Content moderation is, of course, one of the biggest challenges any platform faces, and Bluesky, in particular, has had its fair share of controversies. But the idea behind AT Protocol and Bluesky is devolving control, so Bluesky users can pick their own moderation systems and recommendation algorithms -- a grand experiment that I wanted to know much more about.

Finally, Jay and I had the opportunity to get technical and go deeper on standards and protocols, which are the beating heart of the decentralization movement. Bluesky's AT Protocol is far from the only protocol in the mix -- there's also ActivityPub, which is what powers Mastodon and, soon, Meta's Threads. There's been some real animosity between these camps, and I asked Jay about the differences between the two, the benefits of Bluesky's approach, and how she sees the two coexisting in the future.

An anonymous reader shares a report: The number of landline users has plummeted with the rise of cellphones, and the 19th-century technology's days appear to be numbered. Providers like AT&T are looking to exit the business by transitioning customers to cellphones or home telephone service over broadband connections. But for many of the millions of people still clinging to their copper-based landline telephones, newer alternatives are either unavailable, too expensive, or are unreliable when it matters most: in an emergency.

According to the National Center for Health Statistics, only a quarter of adults in the United States still have landlines and only around 5 percent say they mostly or only rely on them. The largest group of people holding onto their landlines are 65 and older. Meanwhile, more than 70 percent of adults are using wireless phones only. The copper lines used for traditional landlines carry electricity over the wires, so as long as a phone is corded or charged it will work during a power outage. Landlines are separate from cellular and broadband networks and are not affected by their outages, making them a necessary backstop in rural areas. Many of those same areas have inadequate cellular or internet coverage.

"In three, four, maybe five years a lot of states are going to say 'Okay, it's permissible to discontinue service if you, the phone company, can demonstrate there's functional alternative service,'" says Rob Frieden, an Academy and Emeritus Professor of Telecommunications and Law at Pennsylvania State University. AT&T recently asked the California Public Utilities Commission to end its obligation to provide landline service in parts of the state. The Federal Communications Commission, which has to approve a request to end service, said it hasn't received one from AT&T.

Long-time Slashdot reader theodp writes: Last month there was a special Google-funded edition of Highlights for Children, the 77-year-old magazine targetting children between the ages of 6 and 12. This edition was based on Google's "Be Internet Awesome" curriculum, and 1.25 million copies of the print magazine were distributed to children, schools, and other organizations. It's all part of a new partnership between Google and Highlights.

A Google.org blog post calls out the special issue's Goofus and Gallant cartoon, in which always-does-the-wrong-thing Goofus "promised Kayden he wouldn't share the silly photo, but he shares it anyway", while always-does-the-right-thing Gallant "asks others if it's OK to share their photos"...
theodp's orignal submission linked ironically to Slashdot's earlier story, "Google Hit With Lawsuit Alleging It Stole Data From Millions of Users To Train Its AI Tools."

But even beyond that, it's not always clear what the cartoon is teaching. (In one picture it looks like they're condemning Goofus for not intervening in a flame war between two other people — "Be Kind!")

Still, for me the biggest surprise is that Goofus and Gallant even have laptops. (How old are these kids, that they're already uploading photos of the other children onto the internet?!) Will 6- to 12-year-old children start demanding that their parents buy them their own laptop now — since even Goofus and Gallant already have them?

An anonymous reader shared this report from The Register: Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised U.S. defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.

The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating.

UNC5174 uses the online persona Uteus, and has bragged about its links to China's Ministry of State Security (MSS) — boasts that may well be true. The gang focuses on gaining initial access into victim organizations and then reselling access to valuable targets... Just last month, Mandiant noticed the same combination of tools, believed to be unique to this particular Chinese gang, being used to exploit the ConnectWise flaw and compromise "hundreds" or entities, mostly in the U.S. and Canada. Also between October 2023 and February 2024, UNC5174 exploited CVE-2023-22518 in Atlassian Confluence, CVE-2022-0185 in Linux kernels, and CVE-2022-3052, a Zyxel Firewall OS command injection vulnerability, according to Mandiant.

These campaigns included "extensive reconnaissance, web application fuzzing, and aggressive scanning for vulnerabilities on internet-facing systems belonging to prominent universities in the U.S., Oceania, and Hong Kong regions," the threat intel team noted.
More details from The Record. "One of the strangest things the researchers found was that UNC5174 would create backdoors into compromised systems and then patch the vulnerability they used to break in. Mandiant said it believes this was an 'attempt to limit subsequent exploitation of the system by additional unrelated threat actors attempting to access the appliance.'"

It was March 24, 1999 that The Matrix premiered, premembers the Wall Street Journal. "To rewatch The Matrix is to be reminded of how primitive our technology was just 25 years ago. We see computers with bulky screens, cellphones with keypads and a once-ubiquitous feature of our society known as 'pay phones,' central to the plot of the film."

But the article's headline warns that "25 Years Later, We're All Trapped in 'The Matrix'". [I]n a strange way, the film has become more relevant today than it was in 1999. With the rise of the smartphone and social media, genuine human interaction has dropped precipitously. Today many people, like Cypher, would rather spend their time in the imaginary realms offered by technology than engage in a genuine relationship with other human beings.

In the film, one of the representatives of the AI, the villainous Agent Smith, played by Hugo Weaving, tells Morpheus that the false reality of the Matrix is set in 1999 because that year was "the peak of your civilization. I say your civilization, because as soon as we started thinking for you it really became our civilization." Indeed, not long after "The Matrix" premiered, humanity hooked itself up to a matrix of its own. There is no denying that our lives have become better in many ways thanks to the internet and smartphones. But the epidemic of loneliness and depression that has swept society reveals that many of us are now walled off from one another in vats of our own making...

For today's dwellers in the digital cave, the path back into the light doesn't involve taking a pill, as in "The Matrix," or being rescued by a philosopher. We ourselves have the power to resist the extremes of the digital world, even as we remain linked to it. You can find hints of an unplugged "Zion" in the Sabbath tables of observant Jews, where electronic devices are forbidden, and in university seminars where laptops are banned so that students can engage with a text and each other.

Twenty-five years ago, "The Matrix" offered us a modern twist on Plato's cave. Today we are once again asking what it will take to find our way out of the lonely darkness, into the brilliance of other human souls in the real world.

CNN looks back to when "dial-up internet (and its iconic dial tone) was 'still a thing..." "File-sharing services like Napster and LimeWire were just beginning to take off... And in sweaty dorm rooms and sparse basements across the world, people brought their desktop monitors together to set up a local area network (LAN) and play multiplayer games — "Half-Life," "Counter-Strike," "Starsiege: Tribes," "StarCraft," "WarCraft" or "Unreal Tournament," to name just a few. These were informal but high-stakes gatherings, then known as LAN parties, whether winning a box of energy drinks or just the joy of emerging victorious. The parties could last several days and nights, with gamers crowded together among heavy computers and fast food boxes, crashing underneath their desks in sleeping bags and taking breaks to pull pranks on each other or watch movies...

It's this nostalgia that prompted writer and podcaster Merritt K to document the era's gaming culture in her new photobook "LAN Party: Inside the Multiplayer Revolution." After floating the idea on X, the social media platform formerly known as Twitter, she received an immediate — and visceral — response from old-school gamers all too keen to share memories and photos from LAN parties and gaming conventions across the world... It's strange to remember that the internet was once a place you went to spend time with other real people; a tethered space, not a cling-film-like reality enveloping the corporeal world from your own pocket....

Growing up as a teenager in this era, you could feel a sense of hope (that perhaps now feels like naivete) about the possibilities of technology, K explained. The book is full of photos featuring people smiling and posing with their desktop monitors, pride and fanfare apparent... "It felt like, 'Wow, the future is coming,'" K said. "It was this exciting time where you felt like you were just charting your own way. I don't want to romanticize it too much, because obviously it wasn't perfect, but it was a very, very different experience...."

"We've kind of lost a lot of control, I think over our relationship to technology," K said. "We have lost a lot of privacy as well. There's less of a sense of exploration because there just isn't as much out there."
One photo shows a stack of Mountain Dew cans (remembering that by 2007 the company had even released a line of soda called "Game Fuel"). "It was a little more communal," the book's author told CNN. "If you're playing games in the same room with someone, it's a different experience than doing it online. You can only be so much of a jackass to somebody who was sitting three feet away from you..."

They adds that that feeling of connecting to people in other places "was cool. It wasn't something that was taken for granted yet."

BleepingComputer reports on "a new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols."

According to their article, the attack "can pair network services into an indefinite communication loop that creates large volumes of traffic." Devised by researchers at the CISPA Helmholtz-Center for Information Security, the attack uses the User Datagram Protocol (UDP) and impacts an estimated 300,000 host and their networks. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification. An attacker exploiting the vulnerability creates a self-perpetuating mechanism that generates excessive traffic without limits and without a way to stop it, leading to a denial-of-service (DoS) condition on the target system or even an entire network. Loop DoS relies on IP spoofing and can be triggered from a single host that sends one message to start the communication.

According to the Carnegie Mellon CERT Coordination Center (CERT/CC) there are three potential outcomes when an attacker leverages the vulnerability:

— Overloading of a vulnerable service and causing it to become unstable or unusable.
— DoS attack on the network backbone, causing network outages to other services.
— Amplification attacks that involve network loops causing amplified DOS or DDOS attacks.

CISPA researchers Yepeng Pan and Professor Dr. Christian Rossow say the potential impact is notable, spanning both outdated (QOTD, Chargen, Echo) and modern protocols (DNS, NTP, TFTP) that are crucial for basic internet-based functions like time synchronization, domain name resolution, and file transfer without authentication... The researchers warned that the attack is easy to exploit, noting that there is no evidence indicating active exploitation at this time. Rossow and Pan shared their findings with affected vendors and notified CERT/CC for coordinated disclosure. So far, vendors who confirmed their implementations are affected by CVE-2024-2169 are Broadcom, Cisco, Honeywell, Microsoft, and MikroTik.

To avoid the risk of denial of service via Loop DoS, CERT/CC recommends installing the latest patches from vendors that address the vulnerability and replace products that no longer receive security updates. Using firewall rules and access-control lists for UDP applications, turning off unnecessary UDP services, and implementing TCP or request validation are also measures that can mitigate the risk of an attack. Furthermore, the organization recommends deploying anti-spoofing solutions like BCP38 and Unicast Reverse Path Forwarding (uRPF), and using Quality-of-Service (QoS) measures to limit network traffic and protect against abuse from network loops and DoS amplifications.
Thanks to long-time Slashdot reader schneidafunk for sharing the article.

"My favorite kind of science fiction involves stories rooted in real science..." writes NPR's reviewer. "[T]here is something special about seeing characters wrestle with concepts closer to our current understanding of how the universe works."

The Verge calls it an "impressive" and "leaner" story than the book, arguing "it's a good one — and very occasionally a great one" that introduces the author's key ideas, though channelling "the book's spirit but not its brilliance."

And Slate calls it a "downright transformative" adaptation, "jettisoning most of the novel's characters and plucking scenes from all three books," while accusing it of "making the trilogy's expansive and philosophical story into something much more pedestrian and digestible."

But Reuters notes there's huge interest in China over this adaptation (by the co-creator of Mem>Game of Thrones) for the first Asian novel to win the Hugo Award for best science fiction novel. "The new series was trending on Chinese social media platform Weibo on Friday," reports Reuters, "with 21 million views so far." (The show came in first on Weibo's "top hot" trend rankings, they add, "despite Netflix being officially inaccessible in China. Chinese viewers would have had to watch the Netflix series from behind a VPN or on a pirate site.")

So what was their verdict? CNN reports Netflix's adaptation "has split opinions in China and sparked online nationalist anger over scenes depicting a violent and tumultuous period in the country's modern history." Among the country's more patriotic internet users, discussions on the adaptation turned political, with some accusing the big-budget American production of making China look bad. The show opens with a harrowing scene depicting Mao Zedong's Cultural Revolution, which consumed China in bloodshed and chaos for a decade from 1966... "Netflix you don't understand 'The Three Body Problem' or Ye Wenjie at all!" read a comment on social media platform Weibo. "You only understand political correctness!"

Others came to the show's defense, saying the scene closely follows depictions in the book — and is a truthful reenactment of history. "History is far more absurd than a TV series, but you guys pretend not to see it," read one comment on Douban, a popular site for reviewing movies, books and music.

Author Liu said in an interview with the New York Times in 2019 that he had originally wanted to open the book with scenes from Mao's Cultural Revolution, but his Chinese publisher worried they would never make it past government censors and buried them in the middle of the narrative. The English version of the book, translated by Ken Liu, put the scenes at the novel's beginning, with the author's blessing... Various other aspects of the show, from its casting and visual effects to the radical changes to the story's original setting and characters, also attracted the ire of Chinese social media users. Many compared it to a Chinese television adaptation released last year — a much lengthier and closer retelling of the book that ran to 30 episodes and was highly rated on Chinese review platforms.

The Netflix adaptation featured an international cast and placed much of the action in present-day London — thus making the story a lot less Chinese.

An anonymous reader quotes a report from the New York Times: General Motors said Friday that it had stopped sharing details about how people drove its cars with two data brokers that created risk profiles for the insurance industry. The decision followed a New York Times report this month that G.M. had, for years, been sharing data about drivers' mileage, braking, acceleration and speed with the insurance industry. The drivers were enrolled -- some unknowingly, they said -- in OnStar Smart Driver, a feature in G.M.'s internet-connected cars that collected data about how the car had been driven and promised feedback and digital badges for good driving. Some drivers said their insurance rates had increased as a result of the captured data, which G.M. shared with two brokers, LexisNexis Risk Solutions and Verisk. The firms then sold the data to insurance companies. Since Wednesday, "OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk," a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. "Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies."

The Dutch pirate site blocklist has expanded with two new targets, shadow libraries Anna's Archive and Library Genesis. The court order was obtained by local anti-piracy group BREIN, acting on behalf of major publishers. Interestingly, Z-Library isn't listed in the blocking order, despite explicit warnings previously issued by BREIN. TorrentFreak reports: All blocking requests were submitted by local anti-piracy group BREIN, which acts on behalf of rightsholders. These include the major Hollywood studios but BREIN's purview is much broader. Last week, it obtained the latest blocking order, this time on behalf of the publishing industry. Issued by the Rotterdam District Court, the order requires a local Internet provider to block two well-known shadow libraries; "Anna's Archive" and "Library Genesis" (LibGen). News of this new court order was shared by BREIN which notes that both sites were found to make copyright infringing works available on a large scale. At the time of writing, a published copy is not available but, based on the covenant, all large Internet providers are expected to implement the blockades. "These types of illegal shadow libraries are very harmful. The only ones who benefit are the anonymous owners of these illegal services. Authors and publishers see no return on their efforts and investments," BREIN comments. "Copyright holders deserve an honest living. There are numerous legal ways to obtain ebooks. If desired, this can also be done very cheaply; through the library for example."

The Rotterdam court issued a so-called 'dynamic' blocking order, meaning that rightsholders can update the targeted domains and IP addresses if the sites switch to new ones in the future. This also applies to mirrors and increases the blockades' effectiveness, as there is no need to return to court. Previously, Internet provider KPN challenged these 'dynamic' orders, suggesting that they are too broad. The court rejected this argument, however, noting that the process hasn't led to any major problems thus far. BREIN further reports that Google is voluntarily offering a helping hand. As reported in detail previously, the search engine removes blocked domains from its local search results after being notified about an ISP blocking order. "The effectiveness of the blocking measure is increased because Google cooperates in combating these infringements and, at the request of BREIN, completely removes all references to websites that are blocked by order of the Dutch court from the search results," BREIN writes.

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or password are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads on "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

An Internet service provider that admitted lying to the FCC about where it offers broadband will pay a $10,000 fine and implement a compliance plan to prevent future violations. ArsTechnica: Jefferson County Cable (JCC), a small ISP in Toronto, Ohio, admitted that it falsely claimed to offer fiber service in an area that it hadn't expanded to yet. A company executive also admitted that the firm submitted false coverage data to prevent other ISPs from obtaining government grants to serve the area. Ars helped expose the incident in a February 2023 article.

The FCC announced the outcome of its investigation on March 15, saying that Jefferson County Cable violated the Broadband Data Collection program requirements and the Broadband DATA Act, a US law, "in connection with reporting inaccurate information or data with respect to the Company's ability to provide broadband Internet access service." The FCC said: "To settle this matter, Jefferson County Cable agrees to pay a $10,000 civil penalty to the United States Treasury. Jefferson County Cable also agrees to implement enhanced compliance measures. This action will help further the Commission's efforts to bridge the digital divide by having accurate data of locations where broadband service is available."

An anonymous reader quotes a report from Wired: When thousands of security researchers descend on Las Vegas every August for what's come to be known as "hacker summer camp," the back-to-back Black Hat and Defcon hacker conferences, it's a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city's elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room's gadgets, from its TV to its bedside VoIP phone. One team of hackers spent those days focused on the lock on the room's door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they're finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba's encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel -- say, by booking a room there or grabbing a keycard out of a box of used ones -- then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock's data, and the second opens it.

Dormakaba says that it's been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. For many of the Saflok systems sold in the last eight years, there's no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door. Wouters and Carroll say they were nonetheless told by Dormakaba that, as of this month, only 36 percent of installed Safloks have been updated. Given that the locks aren't connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, at the very least. Some older installations may take years.

In a Threads post today, Meta CEO Mark Zuckerberg announced that the Twitter rival is rolling out a beta of its fediverse integration in the U.S., Canada, and Japan. With the feature enabled, Threads users will be able to cross-post and view likes from other federated platforms, like Mastodon. The Verge reports: Threads previewed its fediverse integration earlier this week during the FediForum. As outlined on its support page, Meta says that you must have a public account to turn on fediverse sharing, which will allow users on other servers to "search for and follow your profile, view your posts, interact with your content, and share your content to anyone on or off their server."

There are still a few limitations, though. The beta currently doesn't let users view replies and follows from the fediverse, for example. Meta also can't promise that when you delete a federated post on Threads, it will also get deleted on the other platforms it was shared on.

An anonymous reader quotes a report from TechCrunch: In India, a government-run agency will now monitor and undertake fact-checking for government related matters on social media even as tech giants expressed grave concerns about it last year. The Ministry of Electronics and IT on Wednesday wrote in a gazette notification that it is amending the IT Rules 2021 to cement into law the proposal to make the fact checking unit of Press Information Bureau the dedicated arbiter of truth for New Delhi matters. Tech companies as well as other firms that serve more than 5 million users in India will be required to "make reasonable efforts" to not display, store, transmit or otherwise share information that deceives or misleads users about matters pertaining to the government, the IT ministry said. India's move comes just weeks ahead of the general elections in the country. Relying on a government agency such as the Press Information Bureau as the sole source to fact-check government business without giving it a clear definition or providing clear checks and balances "may lead to misuse during implementation of the law, which will profoundly infringe on press freedom," Asia Internet Coalition, an industry group that represents Meta, Amazon, Google and Apple, cautioned last year.

Meanwhile, comedian Kunal Kamra, with support from the Editors Guild of India, cautioned that the move could create an environment that forces social media firms to welcome "a regime of self-interested censorship."