Another study is raising concern about the safety of the widely used sugar alcohol sweetener erythritol, a low-calorie sugar substitute found in "keto-friendly" foods, baked goods and candies. From a report: Researchers from the Cleveland Clinic compared erythritol to typical sugar and found only erythritol caused worrisome cardiovascular effects. Although the study was small, it's the first head-to-head look at people's blood levels after they consume products with erythritol or sugar (glucose). "We compared the results, and glucose caused none of the problems," said Dr. Stanley Hazen, a cardiologist at the Cleveland Clinic and the lead author of the study, published Thursday morning in the journal Arteriosclerosis, Thrombosis, and Vascular Biology.

Erythritol is one ingredient on a growing list of nonsugar sweeteners found in low-calorie and sugar-free foods. Erythritol and xylitol are sugar alcohols that are sweet like sugar but with far fewer calories. Erythritol is often mixed with another sweetener, stevia, and xylitol is often found in gum, mouthwash and toothpaste. Earlier studies from Hazen's lab -- one published last year and the other in June -- found potential links between the sugar alcohols and an increased risk of heart attacks and strokes. The research suggested both sugar alcohols might make blood platelets stickier and therefore more susceptible to clotting and blocking veins or arteries, in turn contributing to heart attacks and strokes. For the new research, Hazen's team analyzed the heart effects of erythritol and regular sugar -- in this case, simple glucose -- by enrolling two groups of healthy middle-aged male and female volunteers: 10 who consumed the erythritol and 10 who consumed sugar.

iPhone and Apple Watch users in California will soon be able to add their digital ID and driver's license to the Wallet app, as revealed by new landing pages on the state DMV website. This feature follows a slow rollout since its announcement, with only five states currently supporting it. MacRumors reports: "Now you can add your California driver's license or state ID to Apple Wallet on iPhone and Apple Watch so you can present it easily and securely in person and in app," reads the landing page, which contains broken links and placeholder images, and is still missing a proper website security certificate. The webpages were discovered on Sunday by Jimmy Obomsawin, after someone added a link to the landing pages in an Apple Wallet Wikipedia entry last Wednesday.

Apple's elaborate new ad campaign promises that Safari is "a browser that protects your privacy." And the Washington Post says Apple "deserves credit for making many privacy protections automatic with Safari..."

"But Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, said Safari is no better than the fourth-best web browser for your privacy." "If browser privacy were a sport at the Olympics, Apple isn't getting on the medal stand," Cahn said. (Apple did not comment about this.)

Safari stops third-party cookies anywhere you go on the web. So do Mozilla's Firefox and the Brave browser... Chrome allows third-party cookies in most cases unless you turn them off... Even without cookies, a website can pull information like the resolution of your computer screen, the fonts you have installed, add-on software you use and other technical details that in aggregate can help identify your device and what you're doing on it. The measures, typically called "fingerprinting," are privacy-eroding tracking by another name. Nick Doty with the Center for Democracy & Technology said there's generally not much you can do about fingerprinting. Usually you don't know you're being tracked that way. Apple says it defends against common fingerprinting techniques but Cahn said Firefox, Brave and the Tor Browser all are better at protecting you from digital surveillance. That's why he said Safari is no better than the fourth-best browser for privacy.
Safari's does offer extra privacy protections in its "private" mode, the article points out. "When you use this option, Apple says it does more to block use of 'advanced' fingerprinting techniques. It also steps up defenses against tracking that adds bits of identifying information to the web links you click."

The article concludes that Safari users can "feel reasonably good about the privacy (and security) protections, but you can probably do better — either by tweaking your Apple settings or using a web browser that's even more private than Safari."

"As media bosses scramble to decide if and how they should partner with AI companies, workers are increasingly concerned that the technology could imperil their jobs or degrade their work..." reports the Washington Post.

The latest example? "Two months after the Atlantic reached a licensing deal with OpenAI, staffers at the storied magazine are demanding the company ensure their jobs and work are protected." (Nearly 60 journalists have now signed a letter demanding the company "stop prioritizing its bottom line and champion the Atlantic's journalism.") The unionized staffers want the Atlantic bosses to include AI protections in the union contract, which the two sides have been negotiating since 2022. "Our editorial leaders say that The Atlantic is a magazine made by humans, for humans," the letter says. "We could not agree more..."

The Atlantic's new deal with OpenAI grants the tech firm access to the magazine's archives to train its AI tools. While the Atlantic in return will have special access to experiment with these AI tools, the magazine says it is not using AI to create journalism. But some journalists and media observers have raised concerns about whether AI tools are accurately and fairly manipulating the human-written text they work with. The Atlantic staffers' letter noted a pattern by ChatGPT of generating gibberish web addresses instead of the links intended to attribute the reporting it has borrowed, as well as sending readers to sites that have summarized Atlantic stories rather than the original work...

Atlantic spokeswoman Anna Bross said company leaders "agree with the general principles" expressed by the union. For that reason, she said, they recently proposed a commitment to not to use AI to publish content "without human review and editorial oversight." Representatives from the Atlantic Union bargaining committee told The Washington Post that "the fact remains that the company has flatly refused to commit to not replacing employees with AI."
The article also notes that last month the union representing Lifehacker, Mashable and PCMag journalists "ratified a contract that protects union members from being laid off because AI has impacted their roles and requires the company to discuss any such plans to implement AI tools ahead of time."

An anonymous reader quotes a report from the New York Times: People who regularly eat processed red meat, like hot dogs, bacon, sausage, salami and bologna, have a greater risk of developing dementia later in life. That was the conclusion of preliminary research presented this week at the Alzheimer's Association International Conference. The study tracked more than 130,000 adults in the United States for up to 43 years. During that period, 11,173 people developed dementia. Those who consumed about two servings of processed red meat per week had a 14 percent greater risk of developing dementia compared to those who ate fewer than three servings per month. Eating unprocessed red meat, like steak or pork chops, did not significantly increase the risk for dementia, though people who ate it every day were more likely to report that they felt their cognition had declined than those who ate red meat less often. (The results of the study have not yet been published in a journal.) There have been several studies published in the past few years that have found an association between ultraprocessed foods and cognitive decline. The report notes a study of more than 10,000 middle-aged adults in Brazil, which found that "people who consumed 20 percent or more of their daily calories from ultraprocessed foods experienced more rapid cognitive decline, particularly on tests of executive functioning, over the course of eight years."

OpenAI is launching an online search tool in a direct challenge to Google, opening up a new front in the tech industry's race to commercialise advances in generative artificial intelligence. From a report: The experimental product, known as SearchGPT [non-paywalled], will initially only be available to a small group of users, with the San Francisco-based company opening a 10,000-person waiting list to test the service on Thursday. The product is visually distinct from ChatGPT as it goes beyond generating a single answer by offering a rail of links -- similar to a search engine -- that allows users to click through to external websites.

[...] SearchGPT will "provide up-to-date information from the web while giving you clear links to relevant sources," according to OpenAI. The new search tool will be able to access sites even if they have opted out of training OpenAI's generative AI tools, such as ChatGPT.

samleecole writes: A leaked document obtained by 404 Media shows company-wide effort at generative AI company Runway, where employees collected thousands of YouTube videos and pirated content for training data for its Gen-3 Alpha model. The model -- initially codenamed Jupiter and released officially as Gen-3 -- drew widespread praise from the AI development community and technology outlets covering its launch when Runway released it in June. Last year, Runway raised $141 million from investors including Google and Nvidia, at a $1.5 billion valuation.

The spreadsheet of training data viewed by 404 Media and our testing of the model indicates that part of its training data is popular content from the YouTube channels of thousands of media and entertainment companies, including The New Yorker, VICE News, Pixar, Disney, Netflix, Sony, and many others. It also includes links to channels and individual videos belonging to popular influencers and content creators, including Casey Neistat, Sam Kolder, Benjamin Hardman, Marques Brownlee, and numerous others.

Google is now the only search engine that can surface results from Reddit, making one of the web's most valuable repositories of user generated content exclusive to the internet's already dominant search engine. 404 Media: If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn't rely on Google's indexing and search Reddit by using "site:reddit.com," you will not see any results from the last week.

DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that "We would like to show you a description here but the site won't allow us." Older results will still show up, but these search engines are no longer able to "crawl" Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google's near monopoly on search is now actively hindering other companies' ability to compete at a time when Google is facing increasing criticism over the quality of its search results. The news follows Google signing a $60 million deal with Reddit early this year to use the social network's content to train its LLMs.

In 2018, Google replaced its URL shortener service, goo.gl, with Firebase Dynamic Links, citing "the changes we've seen in how people find content on the internet, and the number of new popular URL shortening services that emerged in that time." Although it stopped accepting new URLs to shorten, it continued to serve existing URLs that used their service. That's about to change on August 25th, 2025, when Google will turn off the service portion of Google URL Shortener.

"Any developers using links built with the Google URL Shortener in the form https://goo.gl/* will be impacted, and these URLs will no longer return a response after August 25th, 2025," says Google in a blog post today. "Starting August 23, 2024, goo.gl links will start displaying an interstitial page for a percentage of existing links notifying your users that the link will no longer be supported after August 25th, 2025 prior to navigating to the original target page. Over time the percentage of links that will show the interstitial page will increase until the shutdown date." All links will return a 404 response after the shutdown date.

An anonymous reader quotes a report from Wired, written by Chris Baraniuk: The buses struggling in China's muggy weather gave [Matt Jore, CEO of Montana Technologies] and his colleagues an idea. If they could make dehumidification more efficient somehow, then they could make air conditioning as a whole much more efficient, too. They headed back to the US wondering how to make this happen. [...] "I have here 50-gallon barrels of this stuff. It comes in a special powder," says Jore, referring to the moisture-loving material that coats components inside his firm's novel dehumidifier system, AirJoule. This is the result of years of research and development that followed his team's trip to China. The coating is a type of highly porous material called a metal-organic framework, and the pores are sized so that they fit around water molecules extremely well. It makes for a powerful desiccant, or drying device. "Just one kilogram can take up half or more than half -- in our case 55 percent -- of its own weight in water vapor," says Jore.

The AirJoule system consists of two chambers, each one containing surfaces coated with this special material. They take turns at dehumidifying a flow of air. One chamber is always drying air that is pushed through the system while the other gradually releases the moisture it previously collected. A little heat from the drying chamber gets applied to the moisture-saturated coating in the other, since that helps to encourage the water to drip away for removal. These two cavities swap roles every 10 minutes or so, says Jore. This process doesn't cool the air, but it does make it possible to feed dry air to a more traditional air conditioning device, drastically cutting how much energy that secondary device will use. And Jore claims that AirJoule consumes less than 100 watt-hours per liter of water vapor removed -- potentially cutting the energy required for dehumidification by as much as 90 percent compared to a traditional dehumidifier.

Montana Technologies wants to sell the components for its AirJoule system to established HVAC firms rather than attempt to build its own consumer products and compete with those firms directly -- it calls the approach AirJoule Inside. The firm is also working on a system for the US military, based on the same technology, that can harvest drinkable water from the air. Handy for troops stationed in the desert, one imagines. However, AirJoule is still at the prototype and testing stages. "We're building several of these pilot preproduction units for potential customers and partners," says Jore. "Think rooftops on big-box retailers." Montana Technologies isn't the only firm using cutting-edge technology to make air conditioning units more efficient. Rival firm Blue Frontier has developed a desiccant-based dehumidifying system using a liquid salt solution, with installations in various U.S. locations, that links to a secondary air-conditioning process and regenerates desiccant during off-peak hours to reduce peak electricity demand.

Then there's Nostromo Energy's IceBrick system, installed in California hotels, which freezes water capsules during off-peak hours and uses the stored coolth during peak times. This system can reduce cooling costs by up to 30 percent and emissions by up to 80 percent, according to Wired.

A group calling itself "NullBulge" published a 1.1-TB trove of data late last week that it claims is a dump of Disney's internal Slack archive. From a report: The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs. The hackers claim they got access to the data from a Disney insider and named the alleged collaborator.

Whether the hackers actually had inside help remains unconfirmed; they could also have plausibly used info-stealing malware to compromise an employee's account. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company "is investigating this matter." The data, which appears to have been first published on Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites. The hacker said they breached Disney in protest against AI-generated artwork.

Microsoft is under fire for its handling of customer notifications following a data breach by Russian state-sponsored hackers. The tech giant confirmed in March that the group known as Midnight Blizzard had accessed its systems, potentially compromising customer data. Cybersecurity experts, including former Microsoft employee Kevin Beaumont, have raised concerns about the notification process. Beaumont warned on social media that the company's emails may be mistaken for spam or phishing attempts due to their format and the use of unfamiliar links. "The notifications aren't in the portal, they emailed tenant admins instead," Beaumont stated, adding that the emails could be easily overlooked. Some recipients have reported confusion over the legitimacy of the notifications, with many seeking confirmation through support channels and account managers.

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."

An anonymous reader quotes a report from Ars Technica: More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren't natively supported. By linking to cdn.polyfill[.]io, websites could ensure that devices using legacy browsers could render content in newer formats. The free service was popular among websites because all they had to do was embed the link in their sites. The code hosted on the polyfill site did the rest. In February, China-based company Funnull acquired the domain and the GitHub account that hosted the JavaScript code. On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

The revelation prompted industry-wide calls to take action. Two days after the Sansec report was published, domain registrar Namecheap suspended the domain, a move that effectively prevented the malicious code from running on visitor devices. Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites. Google blocked ads for sites embedding the Polyfill[.]io domain. The website blocker uBlock Origin added the domain to its filter list. And Andrew Betts, the original creator of Polyfill.io, urged website owners to remove links to the library immediately. As of Tuesday, exactly one week after malicious behavior came to light, 384,773 sites continued to link to the site, according to researchers from security firm Censys. Some of the sites were associated with mainstream companies including Hulu, Mercedes-Benz, and Warner Bros. and the federal government. The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.

An anonymous reader quotes a report from TorrentFreak: Hikari-no-Akari, a long-established and popular pirate site that specializes in Japanese music, is being targeted in U.S. federal court by Sony Music. [...] The music download portal, which links to externally hosted files, has been operating for well over a decade and currently draws more than a million monthly visits. In addition to the public-facing part of the site, HnA also has a private forum and Discord channel. [...] Apparently, Sony Music Japan has been keeping an eye on the unauthorized music portal. The company has many of its works shared on the site, including anime theme music, which is popular around the globe.

For example, a few weeks ago, HnA posted "Sayonara, Mata Itsuka!" from the Japanese artist Kenshi Yonezu, which is used as the theme song for the asadora series "The Tiger and Her Wings." Around the same time, PEACEKEEPER, a song by Japanese musician STEREO DIVE FOUNDATION, featured in the third season of the series "That Time I Got Reincarnated as a Slime", was shared on the site. Sony Music Japan is a rightsholder for both these tracks, as well as many others that were posted on the site. The music company presumably tried to contact HnA directly to have these listings removed and reached out to its CDN service Cloudflare too, asking it to take action. [...] They are a prerequisite for obtaining a DMCA subpoena, which Sony Music Japan requested at a California federal court this week.

Sony requested two DMCA subpoenas, both targeted at hikarinoakari.com and hnadownloads.co. The latter domain receives the bulk of its traffic from the first, which isn't a surprise considering the 'hnadownloads' name. Through the subpoena, the music company hopes to obtain additional information on the people behind these sites. That includes, names, IP-addresses, and payment info. Presumably, this will be used for follow-up enforcement actions. It's unclear whether Cloudflare will be able to hand over any usable information and for the moment, HnA remains online. Several of the infringing URLs that were identified by Sony have recently been taken down, including this one. However, others remain readily available. The same applies to private forum threads and Discord postings, of course.

The Japanese government plans to create zero-emissions logistics links between major cities, potentially using massive conveyor belts or autonomous electric carts. The initiative aims to shift millions of tons of cargo, reduce greenhouse gas emissions, and alleviate the anticipated 30% shortfall in parcel deliveries by 2030 due to a lack of drivers. New Atlas reports: According to The Japan News, the project has been under discussion since February by an expert panel at the Land, Infrastructure, Transport and Tourism ministry. A draft outline of an interim report was released Friday, revealing plans to complete an initial link between Tokyo and Osaka by 2034. Japan's well-known population collapse issues foretell severe labor squeezes in the coming years, and one specific issue this project aims to curtail is the continuing rise in online shopping, with a forecast decline in the numbers of delivery drivers that can move goods around. The country is expecting some 30% of parcels simply won't make it from A to B by 2030, because there'll be nobody to move them. Hence this wild logistical link, the first iteration of which the team says will move as much small cargo between Tokyo and Osaka as 25,000 trucks.

Exactly how it'll do this is yet to be nailed down, but individual pallets will carry up to a ton of small cargo items, and they'll move without human interference from one end to the other. One possibility is to use massive conveyor belts to cover the 500-km (310-mile) distance between the two cities, running alongside the highway or potentially through tunnels underneath the road. Alternatively, the infrastructure could simply provide flat lanes or tunnels, and the pallets could be shifted by automated electric carts. A 500-km tunnel, mind you, would be insanely expensive at somewhere around $23 billion before any conveyor belts or autonomous carts are factored in. And one does have to wonder if autonomous electric trucks might be able to do the job without any of the infrastructure requirements [...].

European Union officials have delayed talks over proposed legislation that could lead to messaging services having to scan photos and links to detect possible child sexual abuse material (CSAM). From a report: Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload -- which would essentially force them to break encryption. For the measure to pass, it would need to have the backing of at least 15 of the member states representing at least 65 percent of the bloc's entire population. However, countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain from the vote or oppose the plan due to cybersecurity and privacy concerns, Politico reports. If EU members come to an agreement on a joint position, they'll have to hash out a final version of the law with the European Commission and European Parliament.

The European Union is getting closer to passing new rules that would mandate the bulk scanning of digital messages -- including encrypted ones. On Thursday, EU governments will adopt a position on the proposed legislation, which is aimed at detecting child sexual abuse material (CSAM). The vote will determine whether the proposal has enough support to move forward in the EU's law-making process. From a report: The law, first introduced in 2022, would implement an "upload moderation" system that scans all your digital messages, including shared images, videos, and links. Each service required to install this "vetted" monitoring technology must also ask permission to scan your messages. If you don't agree, you won't be able to share images or URLs.

As if this doesn't seem wild enough, the proposed legislation appears to endorse and reject end-to-end encryption at the same time. At first, it highlights how end-to-end encryption "is a necessary means of protecting fundamental rights" but then goes on to say that encrypted messaging services could "inadvertently become secure zones where child sexual abuse material can be shared or disseminated."

In 2016, Phoronix remembered how the early days of Linux kernel mode-setting (KMS) had brought hopes for improved error messages. And one long-awaited feature was errors messages for "Direct Rendering Manager" (or DRM) drivers — something analgous to the "Blue Screen of Death" Windows gives for critical errors.

Now Linux 6.10 is introducing a new DRM panic handler infrastructure enabling messages when a panic occurs, Phoronix reports today. "This is especially important for those building a kernel without VT/FBCON support where otherwise viewing the kernel panic message isn't otherwise easily available." With Linux 6.10 the initial DRM Panic code has landed as well as wiring up the DRM/KMS driver support for the SimpleDRM, MGAG200, IMX, and AST drivers. There is work underway on extending DRM Panic support to other drivers that we'll likely see over the coming kernel cycles for more widespread support... On Linux 6.10+ with platforms having the DRM Panic driver support, this "Blue Screen of Death" functionality can be tested via a route such as echo c > /proc/sysrq-trigger.
The article links to a picture shared on Mastodon by Red Hat engineer Javier Martinez Canillas of the error message being generated on a BeaglePlay single board computer.

Phoronix also points out that some operating systems have even considered QR codes for kernel error messages...

The Los Angeles Times reports that "The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal the login credentials of 53 public health employees, the county announced Friday." Details that were possibly accessed in the February data breach include the first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers and other financial information of Department of Public Health clients, employees and other individuals. "Affected individuals may have been impacted differently and not all of the elements listed were present for each individual," the agency said in a news release...

The data breach happened between Feb. 19 and 20 when employees received a phishing email, which tries to trick recipients into providing important information such as passwords and login credentials. The employees clicked on a link in the body of the email, thinking they were accessing a legitimate message, according to the agency...

The county is offering free identity monitoring through Kroll, a financial and risk advisory firm, to those affected by the breach. Individuals whose medical records were potentially accessed by the hacker should review them with their doctor to ensure the content is accurate and hasn't been changed. Officials say people should also review the Explanation of Benefits statement they receive from their insurance company to make sure they recognize all the services that have been billed. Individuals can also request credit reports and review them for any inaccuracies.
From the official statement by the county's Public Health department: Upon discovery of the phishing attack, Public Health disabled the impacted e-mail accounts, reset and re-imaged the user's device(s), blocked websites that were identified as part of the phishing campaign and quarantined all suspicious incoming e-mails. Additionally, awareness notifications were distributed to all workforce members to remind them to be vigilant when reviewing e-mails, especially those including links or attachments. Law enforcement was notified upon discovery of the phishing attack, and they investigated the incident.