Privacy

Ask Slashdot: How Can I Stop Security Firms From Harvesting My Data? 82

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure -- so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the rise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop to this?

Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?
United States

Will Silicon Valley's Next House Member Rewrite a Key Internet Law? (sfchronicle.com) 133

An anonymous Slashdot reader shared this report from the San Francisco Chronicle's senior political writer: The next House member representing Silicon Valley wants to change a key piece of federal law that shields internet companies like X, Facebook and Snapchat from lawsuits over content their users post. That protection is considered the lifeblood of social media.

The top eight Democratic candidates vying to succeed Democratic Rep. Anna Eshoo in her very blue district agree that something has to change with Section 230 of the Communications Decency Act, which was created in 1996, back when lawmakers shied away from doing anything that could limit the growth of the industry. Their unanimity is a sign that Eshoo's successor won't be a tool for the hometown industry. At least not on this issue. The challenge is what to do next. Whoever is elected, their actions as the voice of Silicon Valley will carry outsize weight in Congress. They can lead the charge to actually do something to clean up the bile on social media...

The good news is that they will have bipartisan support to address the bile and disinformation online. The bad news is that finding the right solution will still be hard.

Earth

Across America, Clean Energy Plants Are Being Banned Faster Than They're Being Built (usatoday.com) 200

An anonymous reader shared this report from USA Today: A nationwide analysis by USA TODAY shows local governments are banning green energy faster than they're building it.

At least 15% of counties in the U.S. have effectively halted new utility-scale wind, solar, or both, USA TODAY found. These limits come through outright bans, moratoriums, construction impediments and other conditions that make green energy difficult to build... In the past decade, about 180 counties got their first commercial wind-power project. But in the same period, more than twice as many blocked wind development. And while solar power has found more broad acceptance, 2023 was the first year to see almost as many individual counties block new solar projects as the ones adding their first project.

The result: Some of the nation's areas with the best sources of wind and solar power have now been boxed out. Because large-scale solar and wind projects typically are built outside city limits, USA TODAY's analysis focuses on restrictions by the county-level governments that have jurisdiction. In a few cases, such as Connecticut, Tennessee and Vermont, entire states have implemented near-statewide restrictions. While 15% of America's counties might sound like a small portion, the trend has significant consequences, says Jeff Danielson, a former four-term Iowa state senator now with the Clean Grid Alliance. "It's 15% of the most highly productive areas to develop wind and solar," he said. "Our overall goals are going to be difficult to achieve if the answer is 'No' in county after county...."

[T]he number of new wind projects opening annually peaked in the early 2010s, according to inventory data from the U.S. Energy Information Administration, and has slowed since then. Wind power is expected to grow 11% by 2025 from last year's levels. In the past 10 years, 183 counties saw their first wind project come online. However, USA TODAY's analysis found that in the same period, nearly 375 counties have essentially blocked new wind development. That's almost as many as the 508 counties — out of 3,144 total in the U.S. — currently home to an operational wind turbine....

Of the 116 counties implementing bans or impediments to utility-scale solar plants, half did so in 2023 alone. This surge in obstacles is unprecedented since green-energy technology gained broad acceptance...

The article points out that counties sometimes also limit the size of solar farms — making them impractical to build. "Other jurisdictions create shadow bans of sorts. Projects might not technically be banned, but officials simply reject all green energy plans on a case-by-case basis..."

"USA TODAY's findings were supported by research published in late January by the Department of Energy's Lawrence Berkeley National Laboratory. Energy developers reported one third of the wind and solar siting applications they had submitted in the past five years were canceled, while about half were delayed for six months or more. Zoning issues and community opposition were two of the top reasons."

The article also quotes an Ohio farmer who complained that "You live in the country, and you want to be away from all the hustle and bustle. I kind of look at it as if they're sticking a warehouse or a factory here." Last September, his county's commissioners banned all new large-scale wind and solar projects.
Open Source

'Linux Foundation Energy' Partners With US Government on Interoperability of America's EV Charging (substack.com) 21

The non-profit Linux Foundation Energy hopes to develop energy-sector solutions (including standards, specifications, and software) supporting rapid decarbonization by collaborating with industry stakeholders.

And now they're involved in a new partnership with America's Joint Office of Energy — which facilitates collaboration between the federal Department of Energy and its Department of Transportation. The partnership's goal? To "build open-source software tools to support communications between EV charging infrastructure and other systems."

The Buildout reports: The partnership and effort — known as "Project EVerest" — is part of the administration's full-court press to improve the charging experience for EV owners as the industry's nationwide buildout hits full stride. "Project EVerest will be a game changer for reliability and interoperability for EV charging," Gabe Klein, executive director of the administration's Joint Office of Energy and Transportation, said yesterday in a post on social media....

Administration officials said that a key driver of the move to institute broad standards for software is to move beyond an era of unreliable and disparate EV charging services throughout the U.S. Dr. K. Shankari, a principal software architect at the Joint Office of Energy and Transportation, said that local and state governments now working to build out EV charging infrastructure could include a requirement that bidding contractors adhere to Project EVerest standards. That, in turn, could have a profound impact on providers of EV charging stations and services by requiring them to adapt to open source standards or lose the opportunity to bid on public projects. Charging availability and reliability are consistently mentioned as key turnoffs for potential EV buyers who want the infrastructure to be ready, easy, and consistent to use before making the move away from gas cars.

Specifically, the new project will aim to create what's known as an open source reference implementation for EV charging infrastructure — a set of standards that will be open to developers who are building applications and back-end software... And, because the software will be available for any company, organization, or developer to use, it will allow the creation of new EV infrastructure software at all levels without software writers having to start from scratch. "LF Energy exists to build the shared technology investment that the entire industry can build on top of," said Alex Thompson of LF Energy during the web conference. "You don't want to be re-inventing the wheel."

The tools will help communication between charging stations (and adjacent chargers), as well as vehicles and batteries, user interfaces and mobile devices, and even backend payment systems or power grids. An announcement from the Joint Office of Energy and Transportation says this software stack "will reduce instances of incompatibility resulting from proprietary systems, ultimately making charging more reliable for EV drivers." "The Joint Office is paving the way for innovation by partnering with an open-source foundation to address the needs of industry and consumers with technical tools that support reliable, safe and interoperable EV charging," said Sarah Hipel, Standards and Reliability Program Manager at the Joint Office.... With this collaborative development model, EVerest will speed up the adoption of EVs and decarbonization of transportation in the United States by accelerating charger development and deployment, increase customizability, and ensure high levels of security for the nation's growing network.
Linux Foundation Energy adds that reliable charging "is key to ensuring that anyone can confidently choose to ride or drive electric," predicting it will increase customizability for different use cases while offering long-term maintainability, avoiding vendor lock-in, and ensuring high levels of security. This is a pioneering example of the federal government collaborating to deploy code into an open source project...

"The EVerest project has been demonstrated in pilots around the world to make EV charging far more reliable and reduces the friction and frustration EV drivers have experienced when a charger fails to work or is not continually maintained," said LF Energy Executive Director Alex Thornton. "We look forward to partnering with the Joint Office to create a robust firmware stack that will stand the test of time, and be maintained by an active and growing global community to ensure the nation's charging infrastructure meets the needs of a growing fleet of electric vehicles today and into the future."

Thanks to Slashdot reader ElectricVs for sharing the article.
AI

Police Departments Are Turning To AI To Sift Through Unreviewed Body-Cam Footage (propublica.org) 40

An anonymous reader quotes a report from ProPublica: Over the last decade, police departments across the U.S. have spent millions of dollars equipping their officers with body-worn cameras that record what happens as they go about their work. Everything from traffic stops to welfare checks to responses to active shooters is now documented on video. The cameras were pitched by national and local law enforcement authorities as a tool for building public trust between police and their communities in the wake of police killings of civilians like Michael Brown, an 18 year old black teenager killed in Ferguson, Missouri in 2014. Video has the potential not only to get to the truth when someone is injured or killed by police, but also to allow systematic reviews of officer behavior to prevent deaths by flagging troublesome officers for supervisors or helping identify real-world examples of effective and destructive behaviors to use for training. But a series of ProPublica stories has shown that a decade on, those promises of transparency and accountability have not been realized.

One challenge: The sheer amount of video captured using body-worn cameras means few agencies have the resources to fully examine it. Most of what is recorded is simply stored away, never seen by anyone. Axon, the nation's largest provider of police cameras and of cloud storage for the video they capture, has a database of footage that has grown from around 6 terabytes in 2016 to more than 100 petabytes today. That's enough to hold more than 5,000 years of high definition video, or 25 million copies of last year's blockbuster movie "Barbie." "In any community, body-worn camera footage is the largest source of data on police-community interactions. Almost nothing is done with it," said Jonathan Wender, a former police officer who heads Polis Solutions, one of a growing group of companies and researchers offering analytic tools powered by artificial intelligence to help tackle that data problem.

The Paterson, New Jersey, police department has made such an analytic tool a major part of its plan to overhaul its force. In March 2023, the state's attorney general took over the department after police shot and killed Najee Seabrooks, a community activist experiencing a mental health crisis who had called 911 for help. The killing sparked protests and calls for a federal investigation of the department. The attorney general appointed Isa Abbassi, formerly the New York Police Department's chief of strategic initiatives, to develop a plan for how to win back public trust. "Changes in Paterson are led through the use of technology," Abbassi said at a press conference announcing his reform plan in September, "Perhaps one of the most exciting technology announcements today is a real game changer when it comes to police accountability and professionalism." The department, Abbassi said, had contracted with Truleo, a Chicago-based software company that examines audio from bodycam videos to identify problematic officers and patterns of behavior.

For around $50,000 a year, Truleo's software allows supervisors to select from a set of specific behaviors to flag, such as when officers interrupt civilians, use profanity, use force or mute their cameras. The flags are based on data Truleo has collected on which officer behaviors result in violent escalation. Among the conclusions from Truleo's research: Officers need to explain what they are doing. "There are certain officers who don't introduce themselves, they interrupt people, and they don't give explanations. They just do a lot of command, command, command, command, command," said Anthony Tassone, Truleo's co-founder. "That officer's headed down the wrong path." For Paterson police, Truleo allows the department to "review 100% of body worn camera footage to identify risky behaviors and increase professionalism," according to its strategic overhaul plan. The software, the department said in its plan, will detect events like uses of force, pursuits, frisks and non-compliance incidents and allow supervisors to screen for both "professional and unprofessional officer language."
Around 30 police departments currently use Truleo, according to the company.

Christopher J. Schneider, a professor at Canada's Brandon University who studies the impact of emerging technology on social perceptions of police, is skeptical the AI tools will fix the problems in policing because the findings might be kept from the public just like many internal investigations. "Because it's confidential," he said, "the public are not going to know which officers are bad or have been disciplined or not been disciplined."
Crime

YouTube, Discord, and Lord of the Rings Led Police To a Teen Accused of a US Swatting Spree (wired.com) 60

An anonymous reader quotes a report from Wired: A California teenager prosecutors say is responsible for hundreds of swatting attacks around the United States was exposed after law enforcement pieced together a digital trail left on some of the internet's largest platforms, according to court records released this week. Alan Winston Filion, a 17-year-old from Lancaster, California, faces four felony charges in Florida's Seminole County related to swatting, or fake threats called into the police to provoke a forceful response, according to Florida state prosecutors. Police arrested Filion on January 18, and he was extradited to Seminole County this week.

Filion's arrest, first reported by WIRED on January 26, marks the culmination of a multi-agency manhunt for the person police claim is responsible for swatting attacks on high schools, historically black colleges and universities, mosques, and federal agents, and for threats to bomb the Pentagon, members of the United States Senate, and the US Supreme Court. Ultimately, a YouTube channel, Discord chats, and usernames related to The Lord of the Rings helped lead authorities to Filion's doorstep.

Florida prosecutors charged Filion with four felony counts, including three related to allegedly making false reports to law enforcement and one for unlawful use of a two-way radio for "facilitating or furthering an act of terrorism" that authorities say targeted people based on race, religion, or other protected classes. While prosecutors alleged that Filion "is responsible for hundreds of swatting and bomb threat incidents throughout the United States," the charges Filion faces relate to a single May 12, 2023, swatting attack against the Masjid Al Hayy Mosque in Sanford, Florida. [...] At 2 pm EST on Wednesday, Filion shuffled into a Seminole County courtroom and stood quietly as the judge read the charges against him. He is currently being held without bond.

Bitcoin

Three People Indicted In $400 Million FTX Crypto Hack Conspiracy (cnbc.com) 20

When FTX filed for bankruptcy in November 2022, the defunct cryptocurrency exchange suffered a hack that resulted in more than $380 million in crypto stolen from FTX's virtual wallets. It turns out that FTX was hit with a SIM-swapping scam orchestrated by ringleader Robert Powell. Powell, along with Carter Rohn and Emily Hernandez, have been indicted and are due to appear in Chicago federal court later Friday for a detention hearing. CNBC reports: The three defendants are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in more than 15 states. The indictment says the trio shared the personal identifying information of more than 50 victims, created fake identification documents in the victims' names, impersonated them and then accessed their victims' "online, financial and social media accounts for the purpose of stealing money and data."

The scheme relied on duping phone companies into swapping the Subscriber Identity Module of cell phone subscribers into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims' accounts, giving them access to the money in those accounts. The indictment does not identify FTX by name as the main victim of the conspiracy, but the details of the hack described in that charging document align with the details publicly known about the theft from FTX, which was collapsing at the time of the attack.

Crime

Ex-CIA Software Engineer Sentenced To 40 Years For Giving Secrets To WikiLeaks (theguardian.com) 147

Joshua Schulte, a former CIA software engineer, was sentenced to 40 years in prison on Thursday for carrying out the largest theft of classified information in the agency's history and possessing child pornography. The Guardian reports: The 40-year sentence by US district judge Jesse Furman was for "crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography," federal prosecutors said in a statement. The judge did not impose a life sentence as sought by prosecutors. Joshua Schulte was convicted in July 2022 on four counts each of espionage and computer hacking and one count of lying to FBI agents, after giving classified materials to the whistleblowing agency WikiLeaks in the so-called Vault 7 leak. Last August, a judge mostly upheld the conviction.

WikiLeaks in March 2017 began publishing the materials, which concerned how the CIA surveilled foreign governments, alleged extremists and others by compromising their electronics and computer networks. Prosecutors characterized Schulte's actions as "the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information" in US history. Prosecutors also said Schulte received thousands of images and videos of child sexual abuse, and that they found the material in Schulte's New York apartment, in an encrypted container beneath three layers of password protection, during the CIA leaks investigation.

China

FBI Director Warns Chinese Hackers Aim To 'Wreak Havoc' On US Critical Infrastructure (nbcnews.com) 98

"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," said FBI Director Christopher Wray in a prepared testimony before the House Select Committee on the Chinese Communist Party. NBC News reports: Wray also argued that "there has been far too little public focus" that Chinese hackers are targeting critical infrastructure in the U.S. such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems, according to the prepared remarks. "And the risk that poses to every American requires our attention -- now," his prepared testimony said.

As Wray testified, the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure. The DOJ said the hackers, known to the private sector as "Volt Typhoon," used privately owned small routers that were infected with "KV botnet" malware to conceal further Chinese hacking activities against U.S. and foreign victims. Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S. [...]

At Wednesday's hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, Easterly added that she was confident that voting systems and other election infrastructure are well-defended. "To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that's been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016," Easterly said in her testimony.

Wray emphasized in the remarks that the "cyber onslaught" of Chinese hackers "goes way beyond prepositioning for future conflict," saying in the prepared remarks that every day the hackers are "actively attacking" U.S. economic security, engaging in "wholesale theft of our innovation, and our personal and corporate data." "And they don't just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents," the excerpts said.

EU

OpenAI's ChatGPT Breaches Privacy Rules, Says Italian Watchdog (reuters.com) 6

An anonymous reader quotes a report from Reuters: Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year. The authority, known as Garante, is one of the European Union's most proactive in assessing AI platform compliance with the bloc's data privacy regime. Last year, it banned ChatGPT over alleged breaches of European Union (EU) privacy rules. The service was reactivated after OpenAI addressed issues concerning, amongst other things, the right of users to decline to consent to the use of personal data to train algorithms. At the time, the regulator said it would continue its investigations. It has since concluded that elements indicate one or more potential data privacy violations, it said in a statement without providing further detail. The Garante on Monday said Microsoft-backed OpenAI has 30 days to present defense arguments, adding that its investigation would take into account work done by a European task force comprising national privacy watchdogs.
Bitcoin

German Police Secure $2 Billion In Bitcoin From Pirate Site Operators (torrentfreak.com) 42

An anonymous reader quotes a report from TorrentFreak: With help from the FBI, German police managed to secure nearly 50,000 bitcoin (USD $2 billion) from the operators of the defunct movie streaming portal, Movie2k. [...] Movie2K was another pirate site that showed an early interest in bitcoin. In its heyday, the site was the dominant pirate streaming portal in German-speaking countries. It generated a healthy revenue stream, part of it held in bitcoin. The operator of the site never got to spend most of it though. The site surprisingly shut down in the spring of 2013. Many suspected that legal troubles had plagued the site, something confirmed years later when Dresden police announced several arrests.

It was rare to see new activity in an already-dated dossier, but the biggest surprise followed later when the police announced that $29.7m in bitcoin had been secured from the site's operators. This 'seizure' was one of the largest of its kind but the authorities estimated that the operators had more bitcoin stashed away, much more. Today, new information released by Dresden police shows that the assumption was correct.

Following an investigation carried out by the Dresden General Prosecutor's Office, the Saxony State Criminal Police, and the local tax authority (INES), nearly 50,000 bitcoin were 'provisionally' secured earlier this month. The haul is worth more than $2 billion at today's exchange rate. Never before has this much bitcoin been secured by German authorities; it's also one of the largest crypto hauls worldwide. "The Bitcoins were seized after the accused voluntarily transferred them to official wallets provided by the [Federal Criminal Police Office]. This means that a final decision has not yet been made about the utilization of the Bitcoins," police write.

Security

ChatGPT is Leaking Passwords From Private Conversations of Its Users - Report (arstechnica.com) 62

Dan Goodin, reporting for ArsTechnica: ChatGPT is leaking private conversations that include login credentials and other personal details of unrelated users, screenshots submitted by an Ars reader on Monday indicated. Two of the seven screenshots the reader submitted stood out in particular. Both contained multiple pairs of usernames and passwords that appeared to be connected to a support system used by employees of a pharmacy prescription drug portal. An employee using the AI chatbot seemed to be troubleshooting problems they encountered while using the portal.

"THIS is so f-ing insane, horrible, horrible, horrible, i cannot believe how poorly this was built in the first place, and the obstruction that is being put in front of me that prevents it from getting better," the user wrote. "I would fire [redacted name of software] just for this absurdity if it was my choice. This is wrong." Besides the candid language and the credentials, the leaked conversation includes the name of the app the employee is troubleshooting and the store number where the problem occurred. The entire conversation goes well beyond what's shown in the redacted screenshot above. A link Ars reader Chase Whiteside included showed the chat conversation in its entirety. The URL disclosed additional credential pairs. The results appeared Monday morning shortly after reader Whiteside had used ChatGPT for an unrelated query.

United Kingdom

UK To Ban Disposable Vapes (nytimes.com) 131

In an announcement earlier today, Prime Minister Rishi Sunak said single-use vapes will be banned in Britain, with certain flavors restricted and regulations put in place around their packaging and displays. The New York Times reports: Mr. Sunak said that the ban, which is part of legislation that still has to be approved by Parliament, was intended to halt "one of the most worrying trends at the moment," before it becomes "endemic." "The long-term impacts of vaping are unknown and the nicotine within them can be highly addictive, so while vaping can be a useful tool to help smokers quit, marketing vapes to children is not acceptable," he said in a statement. Andrea Leadsom, Britain's health minister, said the measures were intended to make sure that vapes were aimed at adults who were quitting smoking, rather than children.

"Nicotine is highly addictive -- and so it is completely unacceptable that children are getting their hands on these products, many of which are undeniably designed to appeal to young people," she said in a statement. [...] While it is not illegal for people under 18 to smoke or vape in Britain, it is illegal for those products to be sold to them. By banning disposable vapes, and restricting the flavors and packaging of refillable vapes, the government hopes to make it far less likely that young people will experiment with e-cigarettes.

Transportation

NYC Wants To Create a First-of-Its Kind Department To Regulate App Based Delivery (fastcompany.com) 38

With the increasing adoption of e-bikes and drones for efficient, eco-friendly delivery services, New York is proposing the Department of Sustainable Delivery to regulate these services, focusing on safety, data sharing, and operational permits to ease congested lanes. Fast Company reports: The first step of the new department will be a task force made up of tech, transportation, labor, and government representatives. There are currently some city regulations around delivery operations, but they're fragmented; the Department of Consumer and Worker Protection, for example, has addressed delivery worker rights (and recently announced a new minimum pay rate for app-based food delivery workers), while the Department of Transportation focuses on commercial delivery, and has taken steps to address delivery cargo bikes. "We don't have a place where every company that wants to dispatch in volume and move freight [and goods] around in the city on a micro level comes through and has to show that they're going to meet certain requirements," [New York City Deputy Mayor of Operations Meera Joshi] says.

Managers of truck delivery fleets often track their driver's performance and behavior with tools like GPS; through the new department, micromobility app companies may be required to share their GPS delivery data with the city. That data might reveal more about how long delivery riders are working, or how heavy cargo bikes' loads are, which could lead to new regulations. Joshi also points to e-bike fires and rising e-bike rider deaths as red flags that signal the need for more oversight and legislation, which could prevent future tragedies. More information about where and when these deliveries are happening could also help the city adapt its infrastructure to this growing market. "As more and more of the city is feeling the effects of the commercialization of bike lanes, we certainly do have to rethink how wide our bike lanes are, what they are there to accommodate, does there need to be some separation between motorized and nonmotorized [bikes]?" Joshi says. "But these things need to be informed." The city is already making some such updates. Last summer, it upgraded a stretch of 10th Avenue to include a 10-foot-wide bike lane, to better allow regular cyclists and delivery e-bikes to coexist.

Tech advancements often move faster than the government, resulting in a game of legislative catch up for cities. Joshi says New York City is thinking about micromobility in this way because "we've seen this movie before," referring to tech disruption, "and we'd like a different ending." While Joshi knows that companies may bristle at the increased oversight, she says being proactive about these issues and taking steps to address them will likely help the firms and their public perception long-term. And not addressing micromobility challenges now could also impede larger climate progress. "If we are not able to show that we have a comprehensive framework, show that we're able to manage what we have today and prepare for the unknown, we could have people, saying 'it was better when [delivery] was in trucks,'" Joshi says, "and that would actually be probably the worst thing for the environment."

Data Storage

Japan Will No Longer Require Floppy Disks For Submitting Some Official Documents (engadget.com) 45

Japan is aiming to phase out floppy disks and CD-ROMs, which until now were forms of physical media required for submitting some official documents to the government. Engadget reports: Back in 2022, Minister of Digital Affairs Taro Kono urged various branches of the government to stop requiring businesses to submit information on outdated forms of physical media. The Ministry of Economy, Trade and Industry (METI) is one of the first to make the switch. "Under the current law, there are many provisions stipulating the use of specific recording media such as floppy disks regarding application and notification methods," METI said last week, according to The Register. After this calendar year, METI will no longer require businesses to submit data on floppy disks under 34 ordinances. The same goes for CD-ROMs when it comes to an unspecified number of procedures. There's still quite some way to go before businesses can stop using either format entirely, however.

Kono's staff identified some 1,900 protocols across several government departments that still require the likes of floppy disks, CD-ROMs and even MiniDiscs. The physical media requirements even applied to key industries such as utility suppliers, mining operations and aircraft and weapons manufacturers. There are a couple of main reasons why there's a push to stop using floppy disks, as SoraNews24 points out. One major factor is that floppy disks can be hard to come by. Sony, the last major manufacturer, stopped selling them in 2011. Another is that some data types just won't fit on a floppy disk. A single photo can easily be larger than the format's 1.4MB storage capacity.

Security

Mistakenly Published Password Exposes Mercedes-Benz Source Code (techcrunch.com) 29

An anonymous reader quotes a report from TechCrunch: Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave "unrestricted access" to the company's source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of RedHunt Labs, alerted TechCrunch to the exposure and asked for help in disclosing to the car maker. The London-based cybersecurity company said it discovered a Mercedes employee's authentication token in a public GitHub repository during a routine internet scan in January. According to Mittal, this token -- an alternative to using a password for authenticating to GitHub -- could grant anyone full access to Mercedes's GitHub Enterprise Server, thus allowing the download of the company's private source code repositories.

"The GitHub token gave 'unrestricted' and 'unmonitored' access to the entire source code hosted at the internal GitHub Enterprise Server," Mittal explained in a report shared by TechCrunch. "The repositories include a large amount of intellectual property connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information." Mittal provided TechCrunch with evidence that the exposed repositories contained Microsoft Azure and Amazon Web Services (AWS) keys, a Postgres database, and Mercedes source code. It's not known if any customer data was contained within the repositories. It's not known if anyone else besides Mittal discovered the exposed key, which was published in late-September 2023.

A Mercedes spokesperson confirmed that the company "revoked the respective API token and removed the public repository immediately."

"We can confirm that internal source code was published on a public GitHub repository by human error. The security of our organization, products, and services is one of our top priorities. We will continue to analyze this case according to our normal processes. Depending on this, we implement remedial measures."

The Courts

Tattoo Artist Kat Von D Wins Copyright Lawsuit Over Miles Davis Photo (billboard.com) 46

UnknowingFool writes: Jurors on Friday, January 26, 2024 ruled in favor of celebrity tattoo artist Kat Von D (real name Katherine von Drachenberg) in a copyright lawsuit regarding a photo of Miles Davis, finding that her use of the photo was not copyright infringement. The photographer of the photo, Jeffrey Sedlik, sued Von D in February 2021 after she used the photo as the basis for a tattoo she inked on a friend. Kat Von D, who gained fame in the reality shows about tattoo artists "LA Ink" and "Miami Ink", put the tattoo on her friend's arm in 2017 as a gift. The jury found that the tattoo was not "substantially similar" to the photo and was also persuaded that the non-commercial nature of the work meant her use of the photo would be fair use.

The plaintiff, Sedlik, said he is planning to appeal the ruling, arguing it contradicts the Supreme Court ruling in Warhol Foundation vs Goldsmith (PDF) where the artist Andy Warhol made a silkscreen print of Lynn Goldsmith's photo of Prince. The main difference pointed out by Von D's lawyers is that Warhol charged $10,000 for his print whereas Von D did not charge her friend for the tattoo and that it was closer to "fan art".

AI

Following Lawsuit, Rep Admits 'AI' George Carlin Was Human-Written (arstechnica.com) 58

An anonymous reader shares a report: The estate of George Carlin has filed a federal lawsuit against the comedy podcast Dudesy for an hour-long comedy special sold as an AI-generated impression of the late comedian. But a representative for one of the podcast hosts behind the special now admits that it was actually written by a human. In the lawsuit, filed by Carlin manager Jerold Hamza in a California district court, the Carlin estate points out that the special, "George Carlin: I'm Glad I'm Dead," (which was set to "private" on YouTube shortly after the lawsuit was filed) presents itself as being created by an AI trained on decades worth of Carlin's material. That training would, by definition, involve making "unauthorized copies" of "Carlin's original, copyrighted routines" without permission in order "to fabricate a semblance of Carlin's voice and generate a Carlin stand-up comedy routine," according to the lawsuit.

Despite the presentation as an AI creation, there was a good deal of evidence that the Dudesy podcast and the special itself were not actually written by an AI, as Ars laid out in detail this week. And in the wake of this lawsuit, a representative for Dudesy host Will Sasso admitted as much to The New York Times. "It's a fictional podcast character created by two human beings, Will Sasso and Chad Kultgen," spokeswoman Danielle Del told the newspaper. "The YouTube video 'I'm Glad I'm Dead' was completely written by Chad Kultgen." Regardless of that admission, Carlin estate lawyer Josh Schiller told the Times that the lawsuit would move forward. "We don't know what they're saying to be true," he said. "What we will know is that they will be deposed. They will produce documents, and there will be evidence that shows one way or another how the show was created."

Transportation

California Bill Wants To Mandate Electronic 'Speed Limiters' in Cars (caranddriver.com) 362

"Someday in the not too distant future, it might no longer be possible to drive a brand-new car faster than 80 mph in California," writes Car and Driver: That's because state senator Scott Wiener earlier this week proposed a new bill that aims to prevent certain new vehicles from going more than 10 mph over the speed limit. In California, the maximum posted speed limit is 70 mph, meaning anything north of 80 mph would be off limits.

The Speeding and Fatality Emergency Reduction on California Streets — or SAFER California Streets, for short — is a package of bills that includes SB 961 that was published Tuesday, which essentially calls for speed governors on new cars and trucks built or sold in California starting with the 2027 model year. These vehicles would be required to have an "intelligent speed limiter system" that electronically prevents the driver from speeding above the aforementioned threshold.

The speed-limiter tech wouldn't apply to emergency vehicles. There's also language in the bill that the passive device would have the ability to be temporarily disabled by the driver, however, it's unclear in what situations that might apply. The bill also states that automakers would be able to fully disable the speed-limiter, but presumably only for authorized emergency vehicles. The commissioner of the California Highway Patrol could authorize disabling the speed-limiter too at their discretion...

The proposed legislation is said to be an attempt to address rising traffic fatalities, which in California have reportedly increased by 22 percent from 2019 to 2022.

Transportation

America's Car Industry Seeks to Crush AM Radio. Will Congress Rescue It? (msn.com) 262

The Wall Street Journal reports that "a motley crew of AM radio advocates," including conservative talk show hosts and federal emergency officials, are lobbying Congress to stop carmakers from dropping AM radio from new vehicles: Lawmakers say most car companies are noncommittal about the future of AM tuners in vehicles, so they want to require them by law to keep making cars with free AM radio. Supporters argue it is a critical piece of the emergency communication network, while the automakers say Americans have plenty of other ways, including their phones, to receive alerts and information. The legislation has united lawmakers who ordinarily want nothing to do with one another. Sens. Ted Cruz (R., Texas) and Ed Markey (D., Mass.) are leading the Senate effort, and on the House side, Speaker Mike Johnson — himself a former conservative talk radio host in Louisiana — and progressive "squad" member Rep. Rashida Tlaib of Michigan are among about 200 co-sponsors...

A spring 2023 Nielsen survey, the most recent one available, showed that AM radio reaches about 78 million Americans every month. That is down from nearly 107 million in the spring of 2016, one of the earliest periods for which Nielsen has data... Automakers say the rise of electric vehicles is driving the shift away from AM, because onboard electronics create interference with AM radio signals — a phenomenon that "makes the already fuzzy analog AM radio frequency basically unlistenable," according to the Alliance for Automotive Innovation, a car-industry trade group. Shielding cables and components to reduce interference would cost carmakers $3.8 billion over seven years, the group estimates.

Markey and other lawmakers say they want to preserve AM radio because of its role in emergency communications. The Federal Emergency Management Agency says that more than 75 radio stations, most of which operate on the AM band and cover at least 90% of the U.S. population, are equipped with backup communications equipment and generators that allow them to continue broadcasting information to the public during and after an emergency. Seven former FEMA administrators urged Congress in a letter last year to seek assurances from automakers that they would keep broadcast radio available. The companies' noncommittal response spurred legislation, lawmakers said.

Automakers increasingly want to put radio and other car features "behind a paywall," Markey said in an interview. "They see this as another profit center for them when the American driving public has seen it as a safety resource for them and their families...." He compared the auto industry's resistance to the bill to previous opposition to government mandates like seat belts and air bags. "Leaving safety decisions to the auto industry is very dangerous," Markey said.

Lawmakers have heard from over 400,000 AM radio supporters, according to the president of the National Association of Broadcasters.

But the article also cites an executive at the Consumer Technology Association, who says automakers and tech advocacy groups have told lawmakers that requiring AM radio would be "inconsistent with the principles of a free market.... It's strange that Congress is focused on a 100-year-old technology."
