China

Chinese Programmer Ordered To Pay 1 Million Yuan For Using VPN 35

Amy Hawkins reports via The Guardian: A programmer in northern China has been ordered to pay more than 1 million yuan to the authorities for using a virtual private network (VPN), in what is thought to be the most severe individual financial penalty ever issued for circumventing China's "great firewall." The programmer, surnamed Ma, was issued with a penalty notice by the public security bureau of Chengde, a city in Hebei province, on August 18. The notice said Ma had used "unauthorised channels" to connect to international networks to work for a Turkish company. The police confiscated the 1.058m yuan ($145,092) Ma had earned as a software developer between September 2019 and November 2022, describing it as "illegal income," as well as fining him 200 yuan ($27). Charlie Smith (a pseudonym), the co-founder of GreatFire.org, a website that tracks internet censorship in China, said: "Even if this decision is overturned in court, a message has been sent and damage has been done. Is doing business outside of China now subject to penalties?"

Security

Hacktivism Erupts In Response To Hamas-Israel War (techcrunch.com) 340

An anonymous reader quotes a report from TechCrunch: Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerusalem Post reported Monday that since Saturday morning its website was down "due to a series of cyberattacks initiated against us." At the time of writing, the paper's website still appeared down.

Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a conference on Monday that there have been denial of service (DDoS) attacks and defacements of websites, without attributing the cyberattacks to particular groups. "But we're not yet seeing real [nation] state malicious actors," Joyce reportedly said. [...] Joyce's remarks appear to confirm findings of security researcher Will Thomas, who told TechCrunch that he has seen more than 60 websites taken down with DDoS attacks, and more than five websites that were defaced as of Monday.

It is common for hacktivist groups to launch cyberattacks during armed conflict, similar to what happened in Ukraine. These hackers are often not affiliated with any governments but rather a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are far more limited compared to the activities of nation-state hacking groups. Researchers and government agencies like the NSA say they have only seen activity by hacktivists so far in this Hamas-Israel conflict.
"The thing that has surprised me about the hacktivism surrounding this conflict is the amount of international groups involved, such as those allegedly from Bangladesh, Pakistan, and Morocco all also targeting Israel in support of Palestine," said Thomas. "We have also seen long-time threat actors returning who have participated in attacks and spread them using the hashtag #OpIsrael for years."

"I have seen several posts of cybercriminal service operators such as DDoS-for-Hire or Initial Access Brokers offering their services to those wanting to target Israel or Palestine," he added.

AI

Decomposing Language Models Into Understandable Components (anthropic.com) 17

AI startup Anthropic, writing in a blog post: Neural networks are trained on data, not programmed to follow rules. With each step of training, millions or billions of parameters are updated to make the model better at tasks, and by the end, the model is capable of a dizzying array of behaviors. We understand the math of the trained network exactly -- each neuron in a neural network performs simple arithmetic -- but we don't understand why those mathematical operations result in the behaviors we see. This makes it hard to diagnose failure modes, hard to know how to fix them, and hard to certify that a model is truly safe. Neuroscientists face a similar problem with understanding the biological basis for human behavior. The neurons firing in a person's brain must somehow implement their thoughts, feelings, and decision-making. Decades of neuroscience research has revealed a lot about how the brain works, and enabled targeted treatments for diseases such as epilepsy, but much remains mysterious. Luckily for those of us trying to understand artificial neural networks, experiments are much, much easier to run. We can simultaneously record the activation of every neuron in the network, intervene by silencing or stimulating them, and test the network's response to any possible input.

Unfortunately, it turns out that the individual neurons do not have consistent relationships to network behavior. For example, a single neuron in a small language model is active in many unrelated contexts, including: academic citations, English dialogue, HTTP requests, and Korean text. In a classic vision model, a single neuron responds to faces of cats and fronts of cars. The activation of one neuron can mean different things in different contexts. In our latest paper, Towards Monosemanticity: Decomposing Language Models With Dictionary Learning, we outline evidence that there are better units of analysis than individual neurons, and we have built machinery that lets us find these units in small transformer models. These units, called features, correspond to patterns (linear combinations) of neuron activations. This provides a path to breaking down complex neural networks into parts we can understand, and builds on previous efforts to interpret high-dimensional systems in neuroscience, machine learning, and statistics. In a transformer language model, we decompose a layer with 512 neurons into more than 4000 features which separately represent things like DNA sequences, legal language, HTTP requests, Hebrew text, nutrition statements, and much, much more. Most of these model properties are invisible when looking at the activations of individual neurons in isolation.

Android

Android Devices With Backdoored Firmware Found In US Schools (securityweek.com) 36

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says.

Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP).

One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Security

NSA Shares Top Ten Cybersecurity Misconfigurations (cisa.gov) 31

The National Security Agency (NSA), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has highlighted the ten most common cybersecurity misconfigurations in large organizations. In their joint cybersecurity advisory (CSA), they also detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. From the report: Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

NSA and CISA encourage network defenders to implement the recommendations found within the Mitigations section of this advisory -- including the following -- to reduce the risk of malicious actors exploiting the identified misconfigurations: Remove default credentials and harden configurations; Disable unused services and implement access controls; Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities; and Reduce, restrict, audit, and monitor administrative accounts and privileges.

NSA and CISA urge software manufacturers to take ownership of improving security outcomes of their customers by embracing secure-by-design and-default tactics, including: Embedding security controls into product architecture from the start of development and throughout the entire software development lifecycle (SDLC); Eliminating default passwords; Providing high-quality audit logs to customers at no extra charge; and Mandating MFA, ideally phishing-resistant, for privileged users and making MFA a default rather than opt-in feature.
A PDF version of the report can be downloaded here (PDF).

Communications

Biden Administration Backs Strong Rules To Close Digital Divide (bloomberg.com) 82

The Biden administration has urged the FCC to adopt strong rules to redress historic shortfalls that have left some communities lacking adequate broadband service. From a report: The position sets up a possible clash with large broadband providers that have warned the FCC, which is set to produce rules by next month, against unnecessary regulations. Clear rules are needed to close the digital divide that leaves millions without adequate broadband, the National Telecommunications and Information Administration said in a statement. The Commerce Department unit advises the president and develops internet policy. "Strong rules are needed to remedy unequal access to internet service, no matter what the cause may be," said Alan Davidson, the assistant secretary of commerce for communications and information, who is also the NTIA's top official. "Rules that combat digital discrimination will bring lasting relief to vulnerable communities that historically have been left behind online."

The FCC is considering regulations to prevent and eliminate digital discrimination of access based on income level, race and other factors, according to Chairwoman Jessica Rosenworcel. Broadband advocates have told the agency they want deep changes that will steer spending into cities. Some urban neighborhoods have suffered from disinvestment dating back to redlining decades ago, when government-aided discriminatory lending patterns starved neighborhoods of housing resources. Many of those areas still aren't prosperous, and haven't seen network upgrades.

Power

Hyundai, Kia To Adopt Tesla EV-Charging Standard From 2024 In US (reuters.com) 59

Hyundai and Kia said on Thursday that they will adopt Tesla's electric vehicle charging technology in the United States. Reuters reports: Joining their global peers, including Ford Motor, General Motors and Nissan in adopting Tesla's North American Charging Standard (NACS), Hyundai's and Kia's moves take the Elon Musk-led company's superchargers closer to becoming the industry standard at the expense of the rival Combined Charging System (CCS). Hyundai and Kia's new EVs will come with a NACS port, starting in the fourth quarter of 2024 in the United States, the companies said.

However, in Canada, Hyundai EVs equipped with the NACS port would be available in the first half of 2025, while Kia's EVs with the technology by the end of 2024. The move gives Hyundai and Kia EVs with NACS ports access to more than 12,000 Tesla Superchargers across the United States, Canada, and Mexico, the companies said. The South Korean automakers also said that they would offer adapters to owners of existing and future Hyundai and Kia EVs with the current CCS giving them access to Tesla's Supercharging Network in the first quarter of 2025.

Crime

Hundreds of US Schools Hit By Potentially Organized Swatting Hoaxes, Report Says (arstechnica.com) 60

An anonymous reader quotes a report from Ars Technica: Within the past year, there have been approximately five times more school shooting hoaxes called in to police than actual school shootings reported in 2023. Where data from Everytown showed "at least 103 incidents of gunfire on school grounds" in 2023, The Washington Post recently uncovered what seems to be a coordinated campaign of active shooter hoaxes causing "swattings" -- where police respond with extreme force to fake crimes -- at more than 500 schools nationwide over the past year. In just one day in February, "more than 30 schools were targeted," The Post reported.

The Post "examined police reports, emergency call recordings, body-camera footage, or call logs in connection with incidents in 24 states," which seemed to reveal a "distinct pattern" potentially linking swatting hoaxes nationwide. A man who "speaks with a heavy accent" -- and possibly uses a device or app to alter his voice in real time -- relies on a virtual private network (VPN) to mask his IP address, then places the hoax calls on non-emergency lines using free Internet-calling services. He frequently pretends to be a teacher hiding from the fake shooter on campus and sometimes falsely reports student shootings. To some law enforcement officials, the voice sounds too similar from call to call to be chalked up to coincidence. The Post stitched together audio that shows why many authorities believe these hoax calls might be coming from the same caller, whose motivations are currently unknown. It's possible the hoax calls are being orchestrated by one person with a hostile compulsion or by one or several perpetrators advertising swatting services available for hire online. [...]

According to The Post, the FBI has been investigating this string of school shooting hoaxes, but it's unclear how far that investigation has gotten -- mostly because tracing the hoax calls has perplexed many law enforcement agencies nationwide. Tracing calls is difficult partly because many VPN providers outside the US don't always cooperate with law enforcement, and some of the most popular free Internet-calling services only require an email address to sign up. However, The Post reported that it has increasingly become clear to law enforcement that one particular Internet-calling service appears to be the most popular choice for hoax callers reporting school shootings: TextNow. One police captain in Louisiana, Shannon Mack -- who is described as specializing in "cases involving Internet-based phone services" -- told The Post that "nine times out of 10," hoax calls she has investigated have come from a TextNow number.

Power

Underground Thermal Energy Networks Are Becoming Crucial To the US's Energy Future (technologyreview.com) 35

An anonymous reader quotes a report from MIT Technology Review: Thirteen US states are now implementing underground thermal energy networks to reduce buildings' carbon emissions as part of a nationwide push to adopt cleaner energy sources. Thermal energy networks use pipe loops that connect multiple buildings and provide heating and cooling through water-source heat pumps. Geothermal heat is commonly used in these networks, but it is also possible to bring in waste heat from other buildings through the sewer system. When installed, these networks can provide efficient, fossil fuel-free heating and cooling to commercial and residential buildings. Thanks to legislative backing and widespread support from utility companies and labor unions they're likely to become an increasingly significant part of the future energy mix in the US.

"Heat is the largest source of waste energy and it's an untapped resource," says Zeyneb Magavi, co-executive director at clean energy nonprofit HEET (Home Energy Efficiency Team). "Once we have a thermal energy network, we can tap into that resource by moving it to where we need it." While the projects are still at the planning and regulatory stage in most of the 13 states, construction is already underway in some. [...] The advantages of thermal energy networks extend beyond reducing carbon emissions. Scaling them up from a few buildings to a community or utility level can also help make the grid more resilient and efficient. Magavi says every time a "loop" of thermal energy network is added to the grid, its ability to predict and manage power flow becomes more accurate. This interconnectedness helps the system become more resilient in high-stress situations.

Communications

A New Satellite Outshines Some of the Brightest Stars in the Sky (nytimes.com) 41

Becky Ferreira writes via the New York Times: Last November, a satellite in low-Earth orbit unfurled into an expansive array that extends across nearly 700 square feet, about the size of a studio apartment. The satellite, BlueWalker 3, has since become one of the brightest objects in the sky, outshining some of the most radiant stars in the Milky Way, according to a study published on Monday in Nature -- and it is just the first of dozens of similar satellites that are in development by AST SpaceMobile, a company that aims to keep smartphones connected from orbit. "The issue is not necessarily that one satellite," said Siegfried Eggl, an astrophysicist at the University of Illinois, Urbana-Champaign and an author of the new study, "but that it is a predecessor or prototype of a constellation, so there's going to be a lot of those out there eventually."

Initially launched in September 2022, BlueWalker 3 is the forerunner of AST SpaceMobile's BlueBird satellites, which aim to serve as a network of orbital cell towers with the goal "to democratize access to knowledge and information regardless of where people live and work," a spokesperson for AST SpaceMobile said. Last month, BlueWalker 3 successfully relayed its first 5G connection to a smartphone in a cellular coverage gap on Earth. AST SpaceMobile is one of many companies racing to capture the surging demand for global broadband connectivity. "At the moment, there are 18 constellations that we know are planned all over the world," Dr. Eggl said. "The total number of satellites is a stunning half a million that people are planning to put up there. This is 100 times more than we already have."

AST SpaceMobile made BlueWalker 3's array so large in order to beam strong cellular coverage directly to phones on Earth. The satellite is made of many small antennas that can connect existing smartphones, which is an approach that distinguishes the company from Starlink and other planned constellations that currently rely on ground antennas or dishes. [...] AST SpaceMobile said that it was working with astronomers on techniques to reduce disruptions. It also contrasted the number in its constellation with the tens of thousands planned by other companies. The spokesperson said it could "provide substantial global coverage with around 90 satellites." Though BlueBird satellites would be far fewer in number, they are at least 64 times as big and bright as a Starlink satellite. The SpaceX orbiters are also brightest in the days after their deployment, but they become much fainter once they settle into their target orbits. Astronomers expect that the BlueBird satellites will remain bright in the sky throughout most of their lifetime. As a consequence, one of these satellites could interfere with data captured by astronomical observatories.

Networking

Linux Tries To Dump Windows' Notoriously Insecure RNDIS Protocol (zdnet.com) 35

An anonymous reader quotes a report from ZDNet: Microsoft's proprietary protocol, Remote Network Driver Interface Specification (RNDIS), started with a good idea. It would enable hardware vendors to add networking support to USB devices without having to build them from scratch. There was only one little problem. RNDIS has no security to speak of. As Greg Kroah-Hartman, the Linux Foundation fellow responsible for stable Linux kernel releases, wrote in November 2022 on the Linux Kernel Mailing List (LKML), "The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all RNDIS drivers to prevent anyone from using them again."

He added, in another message, "The protocol was never designed to be used with untrusted devices. It was created, and we implemented support for it, when we trusted USB devices that we plugged into our systems, AND we trusted the systems we plugged our USB devices into." That's no longer the case. Kroah-Hartman concluded, "Today, with untrusted hosts and devices, it's time just to retire this protocol. As I mentioned in the patch comments, Android disabled this many years ago in their devices, with no loss of functionality."

[...] But now, sick and tired of having a built-in Windows security exploit in Linux, Kroah-Hartman has decided that enough was enough. He's disabled all the RNDIS protocol drivers in Linux's Git repository. That means that while the RNDIS code is still in the Linux kernel, if you try to build Linux using this new patch, all your RNDIS drivers will be broken and won't build. This is one step short of purging RNDIS from Linux.

Encryption

New Group Attacking iPhone Encryption Backed By US Political Dark-Money Network (theintercept.com) 52

Long-time Slashdot reader schwit1 shares a report from The Intercept: The Heat Initiative, a nonprofit child safety advocacy group, was formed earlier this year to campaign against some of the strong privacy protections Apple provides customers. The group says these protections help enable child exploitation, objecting to the fact that pedophiles can encrypt their personal data just like everyone else. When Apple launched its new iPhone this September, the Heat Initiative seized on the occasion, taking out a full-page New York Times ad, using digital billboard trucks, and even hiring a plane to fly over Apple headquarters with a banner message. The message on the banner appeared simple: 'Dear Apple, Detect Child Sexual Abuse in iCloud' -- Apple's cloud storage system, which today employs a range of powerful encryption technologies aimed at preventing hackers, spies, and Tim Cook from knowing anything about your private files.

Something the Heat Initiative has not placed on giant airborne banners is who's behind it: a controversial billionaire philanthropy network whose influence and tactics have drawn unfavorable comparisons to the right-wing Koch network. Though it does not publicize this fact, the Heat Initiative is a project of the Hopewell Fund, an organization that helps privately and often secretly direct the largesse -- and political will -- of billionaires. Hopewell is part of a giant, tightly connected web of largely anonymous, Democratic Party-aligned dark-money groups, in an ironic turn, campaigning to undermine the privacy of ordinary people.

For an organization demanding that Apple scour the private information of its customers, the Heat Initiative discloses extremely little about itself. According to a report in the New York Times, the Heat Initiative is armed with $2 million from donors including the Children's Investment Fund Foundation, an organization founded by British billionaire hedge fund manager and Google activist investor Chris Cohn, and the Oak Foundation, also founded by a British billionaire. The Oak Foundation previously provided $250,000 to a group attempting to weaken end-to-end encryption protections in EU legislation, according to a 2020 annual report. The Heat Initiative is helmed by Sarah Gardner, who joined from Thorn, an anti-child trafficking organization founded by actor Ashton Kutcher. [...] Critics say these technologies aren't just uncovering trafficked children, but ensnaring adults engaging in consensual sex work.
"My goal is for child sexual abuse images to not be freely shared on the internet, and I'm here to advocate for the children who cannot make the case for themselves," Gardner said, declining to name the Heat Initiative's funders. "I think data privacy is vital. I think there's a conflation between user privacy and known illegal content."

Communications

Dish Dealt First-Ever Space-Debris Fine For Misparking Satellite (bloomberg.com) 63

Todd Shields and Loren Grush reporting via Bloomberg: Dish Network Corp. was fined $150,000 by US regulators for leaving a retired satellite parked in the wrong place in space, reflecting official concern over the growing amount of debris orbiting Earth and the potential for mishaps. The Federal Communications Commission called the action its first to enforce safeguards against orbital debris. "This is a breakthrough settlement, making very clear the FCC has strong enforcement authority and capability to enforce its vitally important space debris rules," Loyaan A. Egal, the agency's enforcement bureau chief, said in a statement.

Dish's EchoStar-7 satellite, which relayed pay-TV signals, ran short of fuel, and the company retired it at an altitude roughly 76 miles (122 kilometers) above its operational orbit. It was supposed to have been parked 186 miles above its operational orbit, the FCC said in an order (PDF). The company admitted it failed to park EchoStar-7 as authorized. It agreed to implement a compliance plan and pay a $150,000 civil penalty, the FCC said.

Businesses

Kenya Panel Urges Shutdown of Worldcoin's Crypto Project Within Country (reuters.com) 9

A Kenyan parliamentary panel called on the country's information technology regulator on Monday to shut down the operations of cryptocurrency project Worldcoin within the country until more stringent regulations are put in place. From a report: The government suspended the project in early August following privacy objections over its scanning of users' irises in exchange for a digital ID to create a new "identity and financial network". Worldcoin was rolled out in various countries around the world by Tools for Humanity, a company co-founded by OpenAI CEO Sam Altman. It has also come under scrutiny in Britain, Germany and France. The project still has a virtual presence in Kenya and can be accessed via the Internet, even after the August suspension. The regulatory Communications Authority of Kenya should "disable the virtual platforms of Tools for Humanity Corp and Tools for Humanity GmbH Germany (Worldcoin) including blacklisting the IP addresses of related websites," the ad hoc panel of 18 lawmakers said in a report.

The Internet

European Telecom Groups Ask Brussels To Make Big Tech Pay More For Networks (ft.com) 60

Europe's biggest telecoms companies have called on the EU to compel Big Tech to pay a "fair" contribution for using their networks, the latest stage in a battle for payments that has pitched the sector against companies such as Netflix and Google. From a report: Technology companies that "benefit most" from telecoms infrastructure and drive traffic growth should contribute more to costs, according to the chief executives of 20 groups including BT, Deutsche Telekom and Telefonica, who signed an open letter seen by the Financial Times. It will be sent to the European Commission and members of the European parliament. "Future investments are under serious pressure and regulatory action is needed to secure them," they warned. "A fair and proportionate contribution from the largest traffic generators towards the costs of network infrastructure should form the basis of a new approach."

They added that regulators need to take action to help secure future investment, with telecoms groups having to spend billions to support the rollout of 5G and upgrade to full-fibre networks. Signatories included Timotheus Hottges at Deutsche Telekom, Christel Heydemann at Orange, Jose Maria Alvarez-Pallete at Telefonica and Pietro Labriola at Telecom Italia. It was also supported by outgoing BT chief executive Philip Jansen, his successor Allison Kirkby, who is currently chief executive at Telia, as well as Vodafone's chief executive Margherita Della Valle. They suggested that a payment mechanism might only make demands on "the very largest traffic generators" with a focus on "accountability and transparency on contributions...so that operators invest directly into Europe's digital infrastructure."

Python

Microsoft To Excel Users: Be Careful With That Python (reddit.com) 46

Long-time Slashdot reader theodp spotted a Reddit Ask Me Anything (AMA) this week with the Microsoft engineering team that created Python in Excel, a new feature that makes it possible to natively combine Python and Excel analytics in Excel workbooks. (Copilot integration is coming soon). Redditors expressed a wish to be able to run Python in environments other than the confines of the locked down, price-to-be-determined Microsoft Azure cloud containers employed by Python in Excel.

But "There were three main reasons behind starting with the cloud (as a GDPR Compliant Microsoft 365 Connected experience) first," MicrosoftExcelTeam explained:

1. Running Python securely on a local machine is a difficult problem. We treat all Python code in the workbook as untrusted, so we execute it in a hypervisor-isolated container on Azure that does not have any outbound network access. Python code and the data that it operates on is sent to be executed in the container. The Microsoft-licensed Python environment in the container is provided by Anaconda and was prepared using their stringent security practices as documented here.

2. Sharing Excel workbooks with others is a really important scenario. We wanted to ensure that the Python code in a workbook you share behaves the same when your teammates open it -- without requiring them to install and manage Python.

3. We need to ensure that the Python in Excel feature always works for our customers. The value of Python is in its ecosystem of libraries, not just in providing a Python interpreter. But managing a local Python environment is challenging even for the most experienced developers. By running on Azure, we remove the need for users or their systems administrators to maintain a local installation of Python on every machine that uses the feature in their organization...



So, how does one balance tradeoffs between increased security and ease-of-maintenance with the loss of functionality and increased costs when it comes to programming language use? Is it okay to just give up on making certain important basic functionality available, as Microsoft is doing here with Python and has done in the past by not supporting Excel VBA in the Cloud and no longer making BASIC available on PCs and Macs?

Microsoft's team added at one point that "For our initial release, we are targeting data analytics scenarios, and bringing the power of Python analytics libraries into Excel.

"We believe the approach we've taken will appeal to analysts who use both Excel and Python Notebooks in their workflows. Today, these users need to import/export data and have no way of creating a self-contained artifact that can be easily and securely shared with their colleagues."
Medicine

People Experience 'New Dimensions of Reality' When Dying, Groundbreaking Study Reports (vice.com) 110

An anonymous reader quotes a report from Motherboard: Scientists have witnessed brain patterns in dying patients that may correlate to commonly reported "near-death" experiences (NDEs) such as lucid visions, out-of-body sensations, a review of one's own life, and other "dimensions of reality," reports a new study. The results offer the first comprehensive evidence that patient recollections and brain waves point to universal elements of NDEs. During an expansive multi-year study led by Sam Parnia, an intensive care doctor and an associate professor in the department of medicine at NYU Langone Health, researchers observed 567 patients in 25 hospitals around the world as they underwent cardiopulmonary resuscitation (CPR) after suffering cardiac arrest, most of which were fatal.

Electroencephalogram (EEG) brain signals captured from dozens of the patients revealed that episodes of heightened consciousness occurred up to an hour after cardiac arrest. Though most of the patients in the study were sadly not resuscitated by CPR, 53 patients were brought back to life. Of the survivors, 11 patients reported a sense of awareness during CPR and six reported a near-death experience. Parnia and his colleagues suggest that the transition from life to death can trigger a state of disinhibition in the brain that "appears to facilitate lucid understanding of new dimensions of reality -- including people's deeper consciousness -- all memories, thoughts, intentions and actions towards others from a moral and ethical perspective," a finding with profound implications for CPR research, end-of-life care, and consciousness, among other fields, according to a new study published in Resuscitation. [...]

"One of the things that was unique about this project is that this was the first time ever where scientists had put together a method to examine for signs of lucidity and consciousness in people as they're being revived by looking for brain markers, or brain signatures of consciousness, using an EEG device as well as a brain oxygen monitor," Parnia explained. "Most doctors are taught and believe that the brain dies after about five or 10 minutes of oxygen deprivation," Parnia said. "One of the key points that comes out of this study is that that is actually not true. Although the brain flatlines after the heart stops, and that happens within seconds, it doesn't mean that it's permanently damaged and [has] died. It's just hibernating. What we were able to show is that actually, the brain can respond and restore function again, even after an hour later, which opens up a whole window of opportunity for doctors to start new treatments." Indeed, the study reports that "near-normal/physiological EEG activity (delta, theta, alpha, beta rhythms) consistent with consciousness and a possible resumption of a network-level of cognitive and neuronal activity emerged up to 35-60 minutes into CPR. This is the first report of biomarkers of consciousness during CA/CPR."

Earth

Six Young People Take 32 Countries To Court Over Climate Change 219

An anonymous reader quotes a report from the BBC: "What I felt was fear," says Claudia Duarte Agostinho as she remembers the extreme heatwave and fires that ripped through Portugal in 2017 and killed more than 100 people. "The wildfires made me really anxious about what sort of future I would have." Claudia, 24, her brother Martim, 20, and her sister Mariana, 11, are among six young Portuguese people who have filed a lawsuit against 32 governments, including all EU member states, the UK, Norway, Russia, Switzerland and Turkey. They accuse the countries of insufficient action over climate change and failing to reduce their greenhouse gas emissions enough to hit the Paris Agreement target of limiting global warming to 1.5C. The case is the first of its kind to be filed at the European Court of Human Rights (ECHR) in Strasbourg. If it is successful, it could have legally-binding consequences for the governments involved. The first hearing in the case is being held on Wednesday.

Aged from 11 to 24, the six claimants argue that the forest fires that have occurred in Portugal each year since 2017 are a direct result of global warming. They claim that their fundamental human rights -- including the right to life, privacy, family life and to be free from discrimination -- are being violated due to governments' reluctance to fight climate change. They say they have already been experiencing significant impacts, especially because of extreme temperatures in Portugal forcing them to spend time indoors and restricting their ability to sleep, concentrate or exercise. Some also suffer from eco-anxiety, allergies and respiratory conditions including asthma. None of the young applicants is seeking financial compensation.

Lawyers representing the six young claimants are expected to argue in court that the 32 governments' current policies are putting the world on course for 3C of global warming by the end of the century. [...] In separate and joint responses to the case, the governments argue that the claimants have not sufficiently established that they have suffered as a direct consequence of climate change or the Portuguese wildfires. They claim there is no evidence to show climate change poses an immediate risk to human life or health, and also argue that climate policy is beyond the scope of the European Court of Human Rights jurisdiction.
"These six young people from Portugal, who are ordinary individuals concerned about their future, will be facing 32 legal teams, hundreds of lawyers representing governments whose inaction is already harming them," says Gearoid O Cuinn, director of Global Legal Action Network (GLAN).

"So this is a real David vs Goliath case that is seeking a structural change to put us on a much better track in terms of our future."
Businesses

Letterboxd, Online Haven for Film Nerds, Gets a New Owner (nytimes.com) 1

Two designers from New Zealand built a wildly popular social network for movie buffs. Now, they're cashing in (and sticking around for the sequel). The New York Times: The "Barbie" star Margot Robbie created an account. Ditto Rian Johnson, the "Knives Out" auteur. Christopher McQuarrie, Tom Cruise's directing partner, has used his to heap praise on another action star (Sylvester Stallone). Letterboxd, the social network for recommending and reviewing movies, has become a kind of shibboleth for film nerds over the past decade. Roughly 10 million people now use the service to share their favorites: You like Studio Ghibli, too? What's your favorite Spike Lee joint?

The service has not undergone any revolutionary changes since it was founded in 2011. But Letterboxd is undergoing two big changes: a new owner and, eventually, user recommendations and review of TV shows. Matthew Buchanan and Karl von Randow, Letterboxd's founders, announced on Friday that they were selling a majority stake in the service to Tiny, a public company in Victoria, British Columbia. The deal values Letterboxd at more than $50 million, said a person familiar with the sale, who spoke on the condition of anonymity to discuss confidential financial information.

Mr. Buchanan and Mr. von Randow, two entrepreneurs based in New Zealand, have reassurances for their users who may be afraid of what a sale could mean for their corner of the internet. First, neither co-founder is planning to leave any time soon, and both will remain shareholders. And the service itself isn't changing immediately. The proposal to incorporate TV is still in its infancy, and the founders said they did not expect that the addition would disrupt their existing products.

Advertising

Reddit Is Removing Ability To Opt Out of Ad Personalization Based On Your Activity (techcrunch.com) 54

Ivan Mehta writes via TechCrunch: Reddit said Wednesday that the platform is revamping its privacy settings with an aim to make ad personalization and account visibility toggles consistent. Most notably though, it is removing the ability to opt out of ad personalization based on Reddit activity. The company said that it will still have opt-out controls in "select countries" without specifying which ones. It mentioned in a blog post that users won't see more ads but they will see better-targeted ads following this change.

The company is essentially removing the option to not track you based on whatever you do on Reddit. Additionally, Reddit is consolidating two toggles on showing ads based on activity and information from partners into one toggle. So there is no way to separate those two settings now. Reddit is seemingly removing toggles for getting post recommendations based on "general location" and activity on partner sites and apps. It's not clear if this means those parameters will be used for post suggestions by default and there is no way to turn them off.

The social network said it will also roll out controls to limit certain advertising categories such as alcohol, weight loss, dating, gambling, pregnancy and parenting. The company noted that ad-limiting controls will possibly show you fewer ads from mentioned categories if the toggles are turned off, but won't possibly filter out all ads. Reddit justified this by saying it uses manual tagging and machine learning to label ads, so there is a chance that it is not 100% accurate. Reddit is also simplifying its location customization setting under a single menu, which will be easily accessible through settings on apps and on the web.
