Starting today, users of the social magazine app Flipboard can follow any federated accounts, "meaning those that participate in the social network of interconnected servers known as the fediverse," writes TechCrunch's Sarah Perez. "This now includes Threads accounts in addition to Mastodon accounts and others." From the report: With the update, which deepens Flipboard's connection with the ActivityPub social graph, any Flipboard user can follow user profiles from any other federated service. If their Flipboard account is also federated, they can interact with those users' posts and participate in conversations, as well. Flipboard's user base, however, is currently undisclosed. [...] The Flipboard app supports full fediverse integration, but the company hasn't yet allowed all users to turn on federation as it's a phased rollout. We're told the goal is to make federation a setting users can select later this year, similar to how Threads added a "fediverse sharing" option in June. When federation is enabled, people will be able to not only share to the fediverse but also see and engage with conversations around their Flipboard posts that are taking place in the fediverse.

With Tuesday's update on Flipboard, people can find and follow others in the fediverse across three areas of its app: Search, Explore and Community. In search results, Flipboard will surface federated accounts and profile results in a new section, "Fediverse Accounts." Editorial recommendations can also be found in the app's "Explore" tab under "Fediverse," and every week a new selection of accounts will be featured in the Community section. Activity from the fediverse will also be displayed in the Flipboard notifications panel, allowing people to engage and follow others in the fediverse directly from their notifications. For Flipboard users, that means they can now follow user profiles from Threads and Mastodon in the Flipboard app, including high-profile users like President Joe Biden (POTUS) and former President Barack Obama on Threads, as well as various creators, like Marques Brownlee, and journalists, like Kara Swisher.

An anonymous reader quotes a report from Ars Technica: Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing -- and how the capability to deceive others remotely is getting dramatically easier over time. The Deep-Live-Cam software project has been in the works since late last year, but example videos that show a person imitating Elon Musk and Republican Vice Presidential candidate J.D. Vance (among others) in real time have been making the rounds online. The avalanche of attention briefly made the open source project leap to No. 1 on GitHub's trending repositories list (it's currently at No. 4 as of this writing), where it is available for download for free. [...]

Like many open source GitHub projects, Deep-Live-Cam wraps together several existing software packages under a new interface (and is itself a fork of an earlier project called "roop"). It first detects faces in both the source and target images (such as a frame of live video). It then uses a pre-trained AI model called "inswapper" to perform the actual face swap and another model called GFPGAN to improve the quality of the swapped faces by enhancing details and correcting artifacts that occur during the face-swapping process. The inswapper model, developed by a project called InsightFace, can guess what a person (in a provided photo) might look like using different expressions and from different angles because it was trained on a vast dataset containing millions of facial images of thousands of individuals captured from various angles, under different lighting conditions, and with diverse expressions.

During training, the neural network underlying the inswapper model developed an "understanding" of facial structures and their dynamics under various conditions, including learning the ability to infer the three-dimensional structure of a face from a two-dimensional image. It also became capable of separating identity-specific features, which remain constant across different images of the same person, from pose-specific features that change with angle and expression. This separation allows the model to generate new face images that combine the identity of one face with the pose, expression, and lighting of another.

For the first time, two new all-electric passenger trains are operating in the US, which is woefully behind the rest of the world in electrifying its rolling stock. The Verge: The two new trains are operated by Caltrain. California Governor Gavin Newson and House Speaker Emerita Nancy Pelosi were on hand to take the inaugural ride, which took place on Saturday. The trains were put into regular service the following day, running along the route between San Jose and San Francisco.

It's taken almost 20 years since the idea of electric trains was first proposed in California. But officials insisted the new trains will be quieter and faster than the diesel-powered trains in current operation while also providing a better experience for passengers. The two trains will be joined by 17 others that should be in service by mid-September.

[...] It shouldn't come as any shock that the US is lagging behind the rest of the world in introducing electric trains. India is on the cusp of electrifying 100 percent of its rail lines, while China is nearing three-quarters of its network. Over 57 percent of the rail system in the European Union is electric.

A company called ChargerHelp provides certified technicians to service EV charging stations (for a monthly fee). And they've just issued their annual "reliability report," reports CleanTechnica: Its analysis of more than 19 million data points collected from public and private sources in 2023 — including real-time assessments of 4,800 chargers from ChargerHelp technicians in the field — finds that â"software consistently overestimates station uptime, point-in-time status, and the ability to successfully charge a vehicle...."

[W]hen ChargerHelp technicians personally inspected 4,800 charge points, they found more than 10% were reported to be online but were in fact unable to complete a test charge... These findings by ChargerHelp are backed up by many smaller scale studies and surveys over the past several years that have found that claims of 95% uptime or greater do not match real world experience. A 2022 study of 657 chargers at 181 non-Tesla public charging sites in the San Francisco Bay Area determined that only 73% were capable of delivering a charge for more than two minutes, for example.

[I]mprovements have been slow to materialize. In fact, driver satisfaction with public charging has only worsened over the past year, according to the latest J.D. Power Electric Vehicle Experience Ownership Study, released in February. As the variety, price, and range of EVs available to US drivers have become more attractive, mistrust of public charging now constitutes the most significant headwind for EV adoption, J.D. Power says.
The report also "lists the biggest infrastructure pain points," reports the Verge, "including a failure to report broken stalls, inaccurate station status messages, aging equipment, and some habitually unreliable network providers (who go unnamed in the study, unfortunately)." EV chargers can break in many ways, the study concludes. These include broken retractor systems intended to protect the cable from getting mangled by vehicle tires, broken screens, and inoperable payment systems. There is also general damage to the cabinet and, of course, broken cables and connectors.

Across the chargers recorded, ChargerHelp calculates that actual uptime is only 73.7 percent, compared to the 84.6 percent self-reported by the EV network providers.

"AT&T has been told to stop running ads that claim the carrier is already offering cellular coverage from space," reports Ars Technica: AT&T intends to offer Supplemental Coverage from Space (SCS) and has a deal with AST SpaceMobile, a Starlink competitor that plans a smartphone service from low-Earth-orbit satellites. But AST SpaceMobile's first batch of five satellites isn't scheduled to launch until September.

T-Mobile was annoyed by AT&T running an ad indicating that its satellite-to-cellular service was already available, and filed a challenge with the advertising industry's self-regulatory system run by BBB National Programs. The BBB National Advertising Division (NAD) ruled against AT&T last month and the carrier appealed to the National Advertising Review Board (NARB), which has now also ruled against AT&T...

AT&T, which is also famous for renaming its 4G service "5GE," reluctantly agreed to comply with the recommendation and released a new version of the satellite-calling commercial with more specific disclaimers.
The 30-second ad — titled "Epic Bad Golf Day" — featured Ben Stiller golfing chasing a badly-hit golf ball all the way into the desert (accompanied by the Pixies' song "Where is My Mind").

But according to the article, T-Mobile filed an official complaint with the advertising review board that "the use of humor does not shield an advertiser from its obligation to ensure that claims are truthful and non-misleading." The ad originally included small text that described the depicted satellite call as a "demonstration of evolving technology." The text was changed this week to say that "satellite calling is not currently available...."

The original version also had text that said, "the future of help is an AT&T satellite call away." The NARB concluded that this "statement can be interpreted reasonably as stating that 'future' technology has now arrived... In the updated version of the ad, AT&T changed the text to say that "the future of help will be an AT&T satellite call away."

"CrowdStrike has continued doing what gave it such an expansive footprint in the first place," writes CSO Online — "detecting cyber threats and protecting its clients from them."

They interviewed Adam Meyers, CrowdStrike's SVP of counter adversary operations, whose team produced their 2024 Threat Hunting Report (released this week at the Black Hat conference). Of seven case studies presented in the report, the most daring is that of a group CrowdStrike calls Famous Chollima, an alleged DPRK-nexus group. Starting with a single incident in April 2024, CrowdStrike discovered that a group of North Koreans, posing as American workers, had been hired for multiple remote IT worker jobs in early 2023 at more than thirty US-based companies, including aerospace, defense, retail, and technology organizations.

CrowdStrike's threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed at minimal enough levels to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive and installing remote monitoring and management (RMM) tools RustDesk, AnyDesk, TinyPilot, VS Code Dev Tunnels, and Google Chrome Remote Desktop. The workers leveraged these RMM tools with company network credentials, enabling numerous IP addresses to connect to victims' systems.

CrowdStrike's OverWatch hunters, a team of experts conducting analysis, hunted for RMM tooling combined with suspicious connections surfaced by the company's Falcon Identity Protection module to find more personas and additional indicators of compromise. CrowdStrike ultimately found that over 100 companies, most US-based technology entities, had hired Famous Chollima workers. The OverWatch team contacted victimized companies to inform them about potential insider threats and quickly corroborated its findings.
Thanks to Slashdot reader snydeq for sharing the news.

Longtime Slashdot reader schwit1 shares a report from Ars Technica: The upper stage from a Chinese rocket that launched a batch of Internet satellites Tuesday has broken apart in space, creating a debris field of at least 700 objects in one of the most heavily-trafficked zones in low-Earth orbit. US Space Command, which tracks objects in orbit with a network of radars and optical sensors, confirmed the rocket breakup Thursday. Space Command initially said the event created more than 300 pieces of trackable debris. The military's ground-based radars are capable of tracking objects larger than 10 centimeters (4 inches). Later Thursday, LeoLabs, a commercial space situational awareness company, said its radars detected at least 700 objects attributed to the Chinese rocket. The number of debris fragments could rise to more than 900, LeoLabs said. The culprit is the second stage of China's Long March 6A rocket, which lifted off Tuesday with the first batch of 18 satellites for a planned Chinese megaconstellation that could eventually number thousands of spacecraft. The Long March 6A's second stage apparently disintegrated after placing its payload of 18 satellites into a polar orbit.

Space Command said in a statement it has "observed no immediate threats" and "continues to conduct routine conjunction assessments to support the safety and sustainability of the space domain." According to LeoLabs, radar data indicated the rocket broke apart at an altitude of 503 miles (810 kilometers) at approximately 4:10 pm EDT (20:10 UTC) on Tuesday, around 13-and-a-half hours after it lifted off from northern China. At this altitude, it will take decades or centuries for the wispy effect of aerodynamic drag to pull the debris back into the atmosphere. As the objects drift lower, their orbits will cross paths with SpaceX's Starlink Internet satellites, the International Space Station and other crew spacecraft, and thousands more pieces of orbital debris, putting commercial and government satellites at risk of collision.

According to Agrarheute, hackers launched a cyberattack on a Swiss farmer's computer system, disrupting the flow of vital data from a milking robot. Tragically, this led to the death of a cow and her calf. From the report (translated from German into English): According to the CSO, hackers attacked the computers of a farmer from Hagendorn. The dairy farmer's milking robot was also connected to these computers. When the animal owner stopped receiving milking data, he initially suspected a dead zone. But then he learned from the manufacturer of his milking system that he had been hacked. Apparently it was a ransomware attack. The hackers demanded $10,000 to decrypt the data. The farmer considered whether he should give in to the cyber criminals' demands. At first he thought the data on the amount of milk produced was bearable. In addition, the milking robot also worked without a computer or network connection. The cows could therefore continue to be milked.

For one cow , however, the cyberattack ended tragically. The farmer normally receives vital data from his cows via the system. This is particularly important and critical for pregnant animals. One cow's calf died in the womb. Because the computer was paralyzed, Bircher was unable to recognize the emergency in time. They tried everything to at least save the cow, but in the end it had to be put down. Overall, the attack caused monetary damages amounting to the equivalent of over 6,400 euros, mainly due to veterinary costs and the purchase of a new computer. However, the hackers came away empty-handed.

An anonymous reader quotes a report originally published by Business Insider: A Chinese state-backed company has launched its first 18 satellites in its bid to build a vast orbital network aimed at rivaling Starlink, according to local media. The launch on Monday by Shanghai Spacecom Satellite Technology involved 18 satellites and one rocket, per The China Securities Journal, which is run by state news agency Xinhua. According to the outlet, the rocket lifted off from the Taiyuan satellite and missile launch center in Shanxi province.

These satellites mark the first step in the company's effort to create a 15,000-strong network of Low Earth Orbit satellites, which the firm has dubbed the "Thousand Sails Constellation." The company said it plans to reach that final tally by 2030, per The China Securities Journal. Domestic media has widely called the project the Chinese version of Starlink, which runs about 6,000 satellites. Elon Musk has said that he plans to eventually host a network of 42,000 satellites.

The Thousand Sails Constellation, also known as the G60 project, is one of three planned major satellite networks in the country. Each is expected to field 10,000 or more satellites. Most are anticipated to orbit between 200 and 1,200 miles above the Earth's surface, which is also where Starlink satellites are generally found. The three constellations, along with dozens of ambitious space projects from other Chinese firms, have been fueled by a recent push from the central government to loop the private sector into its science and technology goals.

Mike Masnick, a semi-regular Slashdot contributor and founder of the tech blog Techdirt, is joining the board of Bluesky, where he "will be providing advice and guidance to the company to help it achieve its vision of a more open, more competitive, more decentralized online world." Masnick writes: In the nearly three decades that I've been writing Techdirt I've been writing about what is happening in the world of the internet, but also about how much better the internet can be. That won't change. I will still be writing about what is happening and where I believe we should be going. But given that there are now people trying to turn some of that better vision into a reality, I cannot resist this opportunity to help them achieve that goal. The early internet had tremendous promise as a decentralized system that enabled anyone to build what they wanted on a global open network, opening up all sorts of possibilities for human empowerment and creativity. But over the last couple of decades, the internet has moved away from that democratizing promise. Instead, it has been effectively taken over by a small number of giant companies with centralized, proprietary, closed systems that have supplanted the more open network we were promised.

There are, of course, understandable reasons why those centralized systems have been successful, such as by providing a more user-friendly experience on the front-end. But there was a price to pay: losing user autonomy, privacy and the benefits of decentralization (not to mention losing a highly dynamic, competitive internet). The internet need not be so limited, and over the years I've tried to encourage people and companies to make different choices to return to the original promise and benefits of openness. With Bluesky, we now have one company who is trying. "Mike's work has been an inspiration to us from the start," says Jay Graber, CEO of Bluesky. "Having him join our board feels like a natural progression of our shared vision for a more open internet. His perspective will help ensure we're building something that truly serves users as we continue to evolve Bluesky and the AT Protocol."

At the Flash Memory Summit 2024 this week, NVM Express published the NVMe 2.1 specifications, which hope to enhance storage unification across AI, cloud, client, and enterprise. Phoronix's Michael Larabel writes: New NVMe capabilities with the revised specifications include:

- Enabling live migration of PCIe NVMe controllers between NVM subsystems.
- New host-directed data placement for SSDs that simplifies ecosystem integration and is backwards compatible with previous NVMe specifications.
- Support for offloading some host processing to NVMe storage devices.
- A network boot mechanism for NVMe over Fabrics (NVMe-oF).
- Support for NVMe over Fabrics zoning.
- Ability to provide host management of encryption keys and highly granular encryption with Key Per I/O.
- Security enhancements such as support for TLS 1.3, a centralized authentication verification entity for DH-HMAC-CHAP, and post sanitization media verification.
- Management enhancements including support for high availability out-of-band management, management over I3C, out-of-band management asynchronous events and dynamic creation of exported NVM subsystems from underlying NVM subsystem physical resources. You can learn more about these updates at NVMExpress.org.

An anonymous reader shares a report: Google has revealed technical details of its in-house data transfer tool, called Effingo, and bragged that it uses the project to move an average of 1.2 exabytes every day. As explained in a paper [PDF] and video to be presented on Thursday at the SIGCOMM 2024 conference in Sydney, bandwidth constraints and the stubbornly steady speed of light mean that not even Google is immune to the need to replicate data so it is located close to where it is processed or served.

Indeed, the paper describes managed data transfer as "an unsung hero of large-scale, globally-distributed systems" because it "reduces the network latency from across-globe hundreds to in-continent dozens of milliseconds." The paper also points out that data transfer tools are not hard to find, and asks why a management layer like Effingo is needed. The answer is that the tools Google could find either optimized for transfer time or handled point-to-point data streams -- and weren't up to the job of handling the 1.2 exabytes Effingo moves on an average day, at 14 terabytes per second. To shift all those bits, Effingo "balances infrastructure efficiency and users' needs" and recognizes that "some users and some transfers are more important than the others: eg, disaster recovery for a serving database, compared to migrating data from a cluster with maintenance scheduled a week from now."

An anonymous reader quotes a report from Ars Technica: Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types of device infrastructure of an unnamed ISP. The attackers then used their control of the devices to poison domain name system responses for legitimate hostnames providing updates for at least six different apps written for Windows or macOS. The apps affected were the 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and those from Corel and Sogou.

Because the update mechanisms didn't use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1 rather than the authoritative DNS server provided by the ISP. "That is the fun/scary part -- this was not the hack of the ISPs DNS servers," Volexity CEO Steven Adair wrote in an online interview. "This was a compromise of network infrastructure for Internet traffic. The DNS queries, for example, would go to Google's DNS servers destined for 8.8.8.8. The traffic was being intercepted to respond to the DNS queries with the IP address of the attacker's servers."

In other words, the DNS responses returned by any DNS server would be changed once it reached the infrastructure of the hacked ISP. The only way an end user could have thwarted the attack was to use DNS over HTTPS or DNS over TLS to ensure lookup results haven't been tampered with or to avoid all use of apps that deliver unsigned updates over unencrypted connections. As an example, the 5KPlayer app uses an unsecure HTTP connection rather than an encrypted HTTPS one to check if an update is available and, if so, to download a configuration file named Youtube.config. StormBamboo, the name used in the industry to track the hacking group responsible, used DNS poisoning to deliver a malicious version of the Youtube.config file from a malicious server. This file, in turn, downloaded a next-stage payload that was disguised as a PNG image. In fact, it was an executable file that installed malware tracked under the names MACMA for macOS devices or POCOSTICK for Windows devices. As for the hacked ISP, the security firm said "it's not a huge one or one you'd likely know."

"In our case the incident is contained but we see other servers that are actively serving malicious updates but we do not know where they are being served from. We suspect there are other active attacks around the world we do not have purview into. This could be from an ISP compromise or a localized compromise to an organization such as on their firewall."

This week America's Securities and Exchange Commission filed fraud charges against the former CEO of the startup social media site "IRL"

The BBC reports: IRL — which was once considered a potential rival to Facebook — took its name from its intention to get its online users to meet up in real life. However, the initial optimism evaporated after it emerged most of IRL's users were bots, with the platform shutting in 2023...

The SEC says it believes [CEO Abraham] Shafi raised about $170m by portraying IRL as the new success story in the social media world. It alleges he told investors that IRL had attracted the vast majority its supposed 12 million users through organic growth. In reality, it argues, IRL was spending millions of dollars on advertisements which offered incentives to prospective users to download the IRL app. That expenditure, it is alleged, was subsequently hidden in the company's books.
IRL received multiple rounds of venture capital financing, eventually reaching "unicorn status" with a $1.17 billion valuation, according to TechCrunch. But it shut down in 2023 "after an internal investigation by the company's board found that 95% of the app's users were 'automated or from bots'."

TechCrunch notes it's the second time in the same week — and at least the fourth time in the past several months — that the SEC has charged a venture-backed founder on allegations of fraud... Earlier this week, the SEC charged BitClout founder Nader Al-Naji with fraud and unregistered offering of securities, claiming he used his pseudonymous online identity "DiamondHands" to avoid regulatory scrutiny while he raised over $257 million in cryptocurrency. BitClout, a buzzy crypto startup, was backed by high-profile VCs such as a16z, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.

In June, the SEC charged Ilit Raz, CEO and founder of the now-shuttered AI recruitment startup Joonko, with defrauding investors of at least $21 million. The agency alleged Raz made false and misleading statements about the quantity and quality of Joonko's customers, the number of candidates on its platform and the startup's revenue.

The agency has also gone after venture firms in recent months. In May, the SEC charged Robert Scott Murray and his firm Trillium Capital LLC with a fraudulent scheme to manipulate the stock price of Getty Images Holdings Inc. by announcing a phony offer by Trillium to purchase Getty Images.

In 2006 MySpace reportedly became America's most-visited web site — passing both Google and Yahoo Mail.

So what happened? TribLive reports: The co-founders, Tom Anderson and Chris DeWolfe, sold MySpace to Rupert Murdoch's News Corporation for $580 million in 2005, and that company sold it to the online advertising company Specific Media and Justin Timberlake in 2011, which later became the ad tech firm Viant, according to SlashGear. Viant was bought by Time in 2016, which was acquired by Meredith Corporation at the end of 2017, according to The Guardian. Meredith then sold Myspace to Viant Technology LLC, which currently operates the platform, SlashGear said.

During its time under Timberlake, Myspace morphed from a social media platfrom and turned over a new leaf as a music discovery site, SlashGear reported. The once booming online atmosphere has turned into a ghost town, according to The Guardian. Despite the number of people on Myspace dwindling, a handful of devoted users remains.
The glory days of MySpace drew this bittersweet remembrance from TechRadar: Not everyone on the TechRadar team looks back on those early MySpace years fondly, with our US editor in chief Lance Ulanoff recalling that it "it was like peoples' brains had been turned inside out and whatever didn't stick, dropped onto the page and was represented as a GIF".

Many of us do, though, remember picking our Top 8s (the site's weird ranking system for your friends) and decorating our MySpace pages with as many flashing lights as possible.

Seattle is the smartest city in America, with Miami and then Austin close behind. That's according to a promotional study from smart-building tools company ProptechOS. Newsweek reports: The evaluation of tech infrastructure and connectivity was based on several factors, including the number of free Wi-Fi hot spots, the quantity and density of AI and IoT companies, average broadband download speeds, median 5G coverage per network provider, and the number of airports. Meanwhile, green infrastructure was assessed based on air quality, measured by exposure to PM2.5, tiny particles in the air that can harm health. Other factors include 10-year changes in tree coverage, both loss and gain; the number of electric vehicle charging points and their density per 100,000 people; and the number of LEED-certified green buildings. The tech job market was evaluated on the number of tech jobs advertised per 100,000 people.
Seattle came in first after assessing 16 key indicators across connectivity/infrastructure, sustainability, and tech jobs — "boasting 34 artificial intelligence companies and 13 Internet of Things companies per 100,000 residents." In terms of sustainability, Seattle has enhanced its tree coverage by 13,700 hectares from 2010 to 2020 and has established the equivalent of 10 electric vehicle charging points per 100,000 residents. Seattle has edged out last year's top city, Austin, to claim the title of the smartest city in the U.S., with an overall score of 75.7 out of 100. Miami wasn't far behind, achieving a score of 75.4. However, Austin still came out on top for smart city infrastructure, scoring 86.2 out of 100. This is attributed to its high broadband download speed of 275.60 Mbps — well above the U.S. average of 217.14 Mbps — and its concentration of 337 AI companies, or 35 per 100,000 people.
You can see the full listings here. The article notes that the same study also ranked Paris as the smartest city in Europe — slipping ahead of London — thanks to Paris's 99.5% 5G coverage, plus "the second-highest number of AI companies in Europe and the third-highest number of free Wi-Fi hot spots. Paris is also recognized for its traffic management systems, which monitor noise levels and air quality."

Newsweek also shares this statement from ProptechOS's founder/chief ecosystem officer. "Advancements in smart cities and future technologies such as next-generation wireless communication and AI are expected to reduce environmental impacts and enhance living standards."

In April CNBC reported on an alternate list of the smartest cities in the world, created from research by the World Competitiveness Center. It defined smart cities as "an urban setting that applies technology to enhance the benefits and diminish the shortcomings of urbanization for its citizens." And CNBC reported that based on the list, "Smart cities in Europe and Asia are gaining ground globally while North American cities have fallen down the ranks... Of the top 10 smart cities on the list, seven were in Europe." Here are the top 10 smart cities, according to the 2024 Smart City Index.

- Zurich, Switzerland
- Oslo, Norway
- Canberra, Australia
- Geneva, Switzerland
- Singapore
- Copenhagen, Denmark
- Lausanne, Switzerland
- London, England
- Helsinki, Finland
- Abu Dhabi, United Arab Emirates

Notably, for the first time since the index's inception in 2019, there is an absence of North American cities in the top 20... The highest ranking U.S. city this year is New York City which ranked 34th, followed by Boston at 36th and Washington DC, coming in at 50th place.

Slashdot reader Applehu Akbar shared this report from MacRumors: Epic Games CEO Tim Sweeney commented on Apple's 'Find My' service, referring to it as "super creepy surveillance tech" that "shouldn't exist." Sweeney went on to explain that several years ago, "a kid" stole a Mac laptop out of his car. Years later, Sweeney was checking Find My, and as the Mac was still connected to his Apple ID account, it showed him the location where the thief lived.
When someone asked Sweeney if he'd at least gotten his laptop back, Sweeney answered "No. I was creeped the hell out by having unexpectedly received the kid's address, and turned off Find My iPhone on all of my devices."

Slashdot reader crmarvin42 quipped "Tell me you are stupidly rich, without telling me you are stupidly rich... Next someone will be saying that it is 'Creepy' to have security footage of someone taking your Amazon packages off of your porch." And they also questioned Sweeney's sincerity, suggesting that he's "just saying that to try and make Apple look bad because of all the lawsuits going on."

MacRumors followed the ensuing discussion: Sweeney said that the location of a device in someone's possession can't be tracked without tracking the person, and "people have a right to privacy." ["This right applies to second hand device buyers and even to thieves."] He claims that detection and recovery of a lost or stolen device should be "mediated by due process of law" and not exposed to the device owner "in vigilante fashion."
Some responded to Sweeney's comments by sharing the headline of a Vox news story about Epic's own privacy polices. ("Fortnite maker Epic Games has to pay $520 million for tricking kids and violating their privacy.")

MacRumors cited a 2014 report that thefts of iPhones dropped after the introduction of Apple's "Activation Lock" feature (which prevents the disabling of 'Find My' without a password).

But when the blog AppleInsider accused Sweeney of "an incredibly bad leap of logic" — Sweeney responded. "You're idealizing this issue as good guys tracking criminals to their lairs, but when Find My or Google's similar tech points a device owner to a device possessor's home, one must anticipate the presence of families and kids and innocent used device buyers, and ask whether it's really appropriate for a platform to use GPS and shadowy mesh network tech to set up physical confrontations among individuals."

Sweeney also posted a quote from Steve Jobs about how at Apple, "we worry that some 14-year-old is going to get stalked and something terrible is going to happen because of our phone."

An anonymous reader shared this report from BleepingComputer: A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.

On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn't validate digital signatures to deploy malware payloads on victims' Windows and macOS devices... To do that, the attackers intercepted and modified victims' DNS requests and poisoned them with malicious IP addresses. This delivered the malware to the targets' systems from StormBamboo's command-and-control servers without requiring user interaction.
Volexity's blog post says they observed StormBamboo "targeting multiple software vendors, who use insecure update workflows..." and then "notified and worked with the ISP, who investigated various key devices providing traffic-routing services on their network. As the ISP rebooted and took various components of the network offline, the DNS poisoning immediately stopped."

BleepingComputer notes that "âAfter compromising the target's systems, the threat actors installed a malicious Google Chrome extension (ReloadText), which allowed them to harvest and steal browser cookies and mail data."

An anonymous reader quotes a report from The Guardian: The technology flaws of the U.S. Secret Service helped the gunman who attempted to assassinate Donald Trump during a rally in Butler, Pennsylvania, last month evade detection. An officer broadcast "long gun!" over the local law enforcement radio system, according to congressional testimony from the Secret Service this week, the New York Times reported. The radio message should have travelled to a command center shared between local police and the Secret Service, but the message was never received by the Secret Service. About 30 seconds later, the shooter, Thomas Crooks, fired his first shots.

It was one of several technology issues facing the Secret Service on 13 July due to either malfunction, improper deployment or the Secret Service opting not to utilize them. The Secret Service had also previously rejected requests from the Trump campaign for more resources over the past two years. The use of a surveillance drone was turned down by the Secret Service at the rally site and the agency also did not bring in a system to boost the signals of agents' devices as the area had poor cell service. And a system to detect drone use in the area by others did not work, according to the report in the New York Times, due to the communications network in the area being overwhelmed by the number of people gathered at the rally. The federal agency did not use technology it had to bolster their communications system. The shooter flew his own drone over the site for 11 minutes without being detected, about two hours before Trump appeared at the rally. Ronald Rowe Jr, the acting Secret Service director, said it never utilized the technological tools that could have spotted the shooter beforehand.

A former Secret Service officer also told the New York Times he "resigned in 2017 over frustration with the agency's delays in evaluating new technology and getting clearance and funding to obtain it and then train officers on it," notes The Guardian. Furthermore, the Secret Service failed to record communications between federal and local law enforcement at the rally.

An anonymous reader quotes a report from SFGATE: Over the past few years, scores of California tech workers have ended up in the exact same position: laid-off, looking for work on LinkedIn and sick of it. LinkedIn, part job site and part social network, has become an all but necessary tool for the office-job-seeking masses in the Bay Area and beyond. As tech companies gut their workforces, people who would otherwise give the blue-and-white site a wide berth feel compelled to scroll for hours every day for job opportunities. LinkedIn is a dominant force in the professional world, with more than 1 billion users and 67 million weekly job searchers. That scale, plus the torrent of self-promotion and corporate platitudes fueling the platform, has long made it a symbol of modern capitalism. Now, in the age of tech's layoffs, it's also a symbol of dread.

The platform's specter looms so large because it does exactly what it needs to. Tech workers are stuck on Linkedin: In a competitive job market rife with spam listings, the free platform's networking-focused features set it a peg above competitors like Indeed, Dice and Levels.fyi in the search for full-time work. Since February, SFGATE has spoken with 10 recently laid-off tech workers; most of them see LinkedIn as painful but necessary and have locked up new jobs in part thanks to the platform. Tech worker Kyle Kohlheyer told SFGATE that returning to LinkedIn after losing his job at Cruise in December felt like "salt in the wound" and called the job site a "cesspool" of wannabe thought leaders and "temporarily embarrassed millionaires."

"I found success on their platform, but I f-king hate LinkedIn," Kohlheyer said. "It sucks. It is a terrible place to exist every day and depend on a job for. [...] There's just such a capitalist-centric mindset on there that is so annoying as a worker who has been fundamentally screwed by companies," he said. "Wading" through LinkedIn, he said, it's hard to tell if people feel like an alternative to the top-heavy, precarious tech economy is even possible.

Another tech worker, Mark Harris, added: "Is [LinkedIn] a terrible sign that we live in a capitalist hellscape? Hell yes! But we do live in a capitalist hellscape, and girl's gotta eat."