



Who is dab.yeet.su


This is such a great music service but I'm wondering who is behind it and why they provide it? It must be costing them something to host the site. Interesting that Cloudflare stats show its biggest user base is India.
in reply to 10x10

It must be costing them


From their Terms:

DAB Music Player does not host any copyrighted content. Our Service acts as a search and streaming interface that connects to publicly available APIs. We do not store or distribute copyrighted material.


When you open the web browser's Developer Tools, Network tab, you can see where it streams from.

When I check on a song, it streams it from a CDN of qobuz (qobuz.com).

in reply to Kissaki

I was thinking of the cost of hosting the site rather than paying for the media. Thanks though for the comment about checking the stream source.





[PDF] Over 16,000 compromised servers uncovered using Secure Shell key probing method


cross-posted from: programming.dev/post/36708596

Main.
Attackers regularly use SSH (Secure SHell) to compromise systems, e.g., via brute-force attacks, establishing persistence by deploying SSH public keys. This ranges from IoT botnets like Mirai, over loader and dropper systems, to the back-ends of malicious operations. Identifying compromised systems at the Internet scale would be a major break-through for combatting malicious activity by enabling targeted clean-up efforts.

In this paper, we present a method to identify compromised SSH servers at scale. For this, we use SSH's behavior to only send a challenge during public key authentication, to check if the key is present on the system. Our technique neither allows us to access compromised systems (unlike, e.g., testing known attacker passwords), nor does it require access for auditing.

With our methodology used at an Internet-wide scan, we identify more than 21,700 unique systems (1,649 ASes, 144 countries) where attackers installed at least one of 52 verified malicious keys provided by a threat intelligence company, including critical Internet infrastructure. Furthermore, we find new context on the activities of malicious campaigns like, e.g., the 'fritzfrog' IoT botnet, malicious actors like 'teamtnt', and even the presence of state-actor associated keys within sensitive ASes. Comparing to honeypot data, we find these to under-/over-represent attackers' activity, even underestimating some APTs' activities. Finally, we collaborate with a national CSIRT and the Shadowserver Foundation to notify and remediate compromised systems. We run our measurements continuously and automatically share notifications.
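A host-side counterpart to the remote check described in the abstract, as an added example that is not from the paper or the post: it fingerprints every key in an `authorized_keys` file and matches it against a set of known-malicious fingerprints, ignoring the comment field because whoever planted the key chose it. The key blobs, the `KNOWN_BAD` label and the sample file are constructed for illustration; real fingerprints would come from a threat-intelligence feed.

```python
"""Audit authorized_keys content against known-malicious SSH key fingerprints."""
import base64
import binascii
import hashlib
import struct


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def split_fields(line):
    """Split on whitespace, keeping double-quoted option values in one field."""
    fields, cur, quoted, escaped = [], "", False, False
    for ch in line:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\" and quoted:
            cur, escaped = cur + ch, True
        elif ch == '"':
            cur, quoted = cur + ch, not quoted
        elif ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        fields.append(cur)
    return fields


def blob_key_type(blob):
    """Key type name stored (length-prefixed) at the start of the blob, or None."""
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or len(blob) < 4 + n:
        return None
    return blob[4:4 + n].decode("ascii", "replace")


def parse_entry(line):
    """Return (options, key_type, blob, comment), or None if the line holds no key."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = split_fields(line)
    # The key type is field 0, or field 1 when an options field comes first.
    # Accept a pair only if the decoded blob names the same type as the text.
    for i in range(min(2, len(fields) - 1)):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if blob_key_type(blob) == fields[i]:
            options = fields[0] if i == 1 else ""
            return options, fields[i], blob, " ".join(fields[i + 2:])
    return None


def audit(text, known_bad):
    """Return one finding per line whose key fingerprint is in known_bad."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        options, key_type, blob, comment = entry
        fp = fingerprint(blob)
        if fp in known_bad:
            findings.append({"line": lineno, "fingerprint": fp,
                             "label": known_bad[fp], "key_type": key_type,
                             "options": options, "comment": comment})
    return findings


def _ed25519_blob(raw32):
    """Constructed blob in ssh-ed25519 wire layout (not a real key pair)."""
    return struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32


def _b64(blob):
    return base64.b64encode(blob).decode()


# Constructed sample data: none of these values belong to a real campaign.
BAD_BLOB = _ed25519_blob(b"\x41" * 32)
GOOD_BLOB = _ed25519_blob(b"\x42" * 32)
KNOWN_BAD = {fingerprint(BAD_BLOB): "constructed-campaign-key"}
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-ed25519 " + _b64(GOOD_BLOB) + " alice@laptop",
    'no-pty,command="/usr/bin/uptime -p" ssh-ed25519 ' + _b64(BAD_BLOB) + " backup@host",
    "ssh-ed25519 not-base64!! broken",
    "ssh-ed25519 " + _b64(BAD_BLOB),
])

if __name__ == "__main__":
    for f in audit(SAMPLE, KNOWN_BAD):
        print(f["line"], f["fingerprint"], f["label"], f["comment"] or "-")
```

Persistence keys are usually planted for more than one account, so run the audit over every user's `authorized_keys` file, including root's.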












Microsoft-backed hollow-core fiber boffins show speed boost


::: spoiler Abstract

A critical component of optical communications is the availability of a suitable waveguide technology for the transport of electromagnetic waves with low loss over a broad spectral range. In the past four decades, despite extensive research, the attenuation and spectral bandwidth of silica-based optical fibres have remained relatively unchanged, with state-of-the-art fibres offering values of 0.14 dB km^−1^ and 26 THz below 0.2 dB km^−1^, respectively. Here we report a microstructured optical waveguide with unprecedented transmission bandwidth and attenuation, with a measured loss of 0.091 dB km^−1^ at 1,550 nm that remains below 0.2 dB km^−1^ over a window of 66 THz. Instead of a traditional solid glass core, this innovative optical fibre features a core of air surrounded by a meticulously engineered glass microstructure to guide light. This approach not only reduces attenuation and other signal degradation phenomena, but it also increases transmission speeds by 45%. Furthermore, the approach theoretically supports further loss reductions and operation at wavelengths where broader bandwidth amplifiers exist, potentially heralding a new era in long-distance communications as well as remote delivery of laser beams.
:::


::: spoiler Main

The quest for long-distance communication has driven human creativity for centuries, from the use of fire beacons at night in the Old and Middle Ages, to the mechanical optical telegraphs of the Napoleonic era, up to the groundbreaking electric telegraphs of the 1850s. The transmission of the first Morse-coded message across the Atlantic via a sub-sea telegraph cable in 1858 was a monumental achievement that shrank geographical divides and revolutionized communication. The realization in the early twentieth century that modulated radio waves could be reflected by the ionosphere further enhanced communication capabilities, thus enabling long-distance communications even in the absence of a direct connection and of a line of sight. However, the inherent noisiness, unreliability and limited bandwidth of radio wave communication prompted the development of higher-quality cables that could transmit multiple voice calls simultaneously. Heaviside’s coaxial cable, with suitably developed conductive and insulating materials, became the technology that underpinned long-distance transmissions for decades. The transition from coaxial cables to optical fibres marked another notable milestone in communication technology. The pioneering work of Kao and Hockham in the 1960s identified the potential of using purified glass for transmitting modulated optical signals (hence information) to kilometre-scale distances, leading to the development of low-loss optical fibres by Corning in the 1970s. This innovation ushered in the era of digital optical communications, which for the last half a century has formed the backbone of global telecommunication networks and enabled the internet revolution. Is a further step ahead possible?

All these breakthroughs were driven by the primary objective to transmit more information, as either more simultaneous messages and voice calls in the analogue electrical era or more bits per second in the digital age. A second, non-negligible goal has always been the reduction of the attenuation (or ‘loss’) of the transmission medium, to increase the distance that a signal could reach before needing regeneration or amplification. Shannon’s mathematical theory of information linked the two goals: lower attenuation required less amplification; the resulting improvement in the signal-to-noise ratio enabled the system to increase its maximum throughput of information.

Upshifting the frequency of the modulated signal carrier from tens of MHz used in the long-distance electrical coaxial cables to hundreds of THz used in optical communications enabled an increase in information throughput of more than a million times. Simultaneously, optical fibres also presented an ultralow level of attenuation of around 0.15 dB km^−1^, which remained approximately constant over a bandwidth of ~10 THz where optical amplification from erbium-doped fibre amplifiers was available. This was a substantial improvement over coaxial cables, where attenuation was frequency dependent (as √f) and reached much higher values than optical fibres at the top frequencies (for example, ~4.5 dB km^−1^ at 30 MHz in the transatlantic TAT-6 cable).

Despite unrelented progress in the field of optical communications since 1970, the minimum attenuation of silica glass fibres has remained approximately unchanged for more than four decades: from 0.154 dB km^−1^ in 1985 to 0.1396 dB km^−1^ in 2024. The seemingly insurmountable attenuation limit of ~0.14 dB km^−1^ for information-carrying waveguides has so far hindered further breakthroughs in communication systems. It has also forced technology to converge to this relatively narrow frequency range of only 5% of the carrier frequency (10 THz at around 192 THz).

Having failed in many decades to identify and synthetize a more transparent glass than silica, a potential route to further lower the propagation loss of a long-distance communication waveguide is to avoid the scattering and absorptions introduced by the glass and which cause loss of signal power in telecoms fibres. This can be achieved by transmitting electromagnetic radiation in a hollow region rather than through a solid glass core. Theoretical foundations, early loss estimates and first experiments for cylindrical, metal, hollow waveguides pre-dated the development of ultra-pure glass fibres. Experimental works from Bell Labs in the mid-twentieth century with dielectric-coated metallic hollow pipes (WT4) reached losses as low as 0.5 dB km^−1^ at frequencies of 70 GHz and impressive capacities of 476,000 voice channels. The technology was however discarded in the mid-1970s for installation complexities and techno-economic reasons.

New research in the late 1990s and 2000s investigated the potential for achieving ultralow loss at visible/near-infrared frequencies by transmitting light through hair-thin flexible hollow core fibres (HCFs). These glass-based waveguides could transmit light in an air core, thanks to a periodic ‘holey’ cladding around it that created an out-of-plane photonic bandgap. While such research produced an outstanding new tool for scientific investigations, it failed to attain fibres with attenuation below 1 dB km^−1^ and with adequate modal purity for long-distance communication. It is only with the advent of a second generation of HCFs, guiding light through antiresonances and inhibited coupling effects in sub-wavelength-thick, core-surrounding membranes, and with the introduction of nested tube designs, that the prospect of achieving sub-0.14 dB km^−1^ losses became viable. Over the last 6 years, through improved designs and engineering, loss in these nested or double nested antiresonant nodeless hollow core fibres (NANFs/DNANFs) has decreased by an order of magnitude, reaching near parity with the fundamental attenuation of silica glass telecoms fibres at 1,550 nm, and lower values at both shorter and longer wavelengths.

In this work, we showcase the latest advancements in hollow core DNANF technology and present the first optical waveguide that surpasses conventional optical fibres in both loss and bandwidth simultaneously. With a measured loss of under 0.1 dB km^−1^ across an 18 THz bandwidth, this breakthrough result paves the way for a potential revolution in optical communications, enabling unprecedented data transmission capacities, more energy-efficient optical networks and longer unamplified spans.
:::









In the heart of the Miccosukee, the Native American tribe that shut down Alligator Alcatraz


But the Miccosukee don’t oppose the detention center just because it’s “a showcase of cruelty.” For decades, the tribe has been at the center of several legal disputes that have set precedents for how U.S. courts interpret tribal sovereignty, environmental law, and the taxation of Native Americans. In 1982, for example, the tribe sued the state of Florida for illegal land grabs, resulting in the Florida Indian Land Claims Settlement Act, a law that extinguished land claims in exchange for thousands of acres held in trust. In 2004, they challenged Miami’s pumping of sewage into the Everglades, a case that highlighted the Miccosukee’s role in defending the ecosystem and influenced the national debate on water transfers.

Water has been the focus of many of their conservation efforts. The fragile ecosystem has been altered since the last century by urbanization and agriculture, particularly by the diversion of water from its natural course from Lake Okeechobee, north of the peninsula, to Florida Bay, a process that can take months or years.



"Go to" link for comments stops working when a post has a lot of comments?


For posts that receive a lot of comments, e.g. 50~100+

When I turn on notifications for a post, I receive the notifications for new comments but the "Go to" link just takes me to the top of the post, not to the specific comment. (Same problem in both Zen/Firefox browser on computer and Firefox/PWA on Android.)

E.g. piefed.social/notification/115…

Is this just me?

in reply to klu9

Ah.

I fixed this for one type of reply but missed out a different one. It's fixed for all future notifications, now.




Talks on the global plastic pollution treaty fail


After 11 days of negotiations in Geneva, delegates from 184 nations failed to reach agreement on a legally binding treaty to tackle the global plastics crisis.

The main points of disagreement were:

Production limits: a deep split between those calling for binding limits on the production of new plastic and those opposed.

Chemical controls: deadlock over imposing global rules on the toxic chemicals used in production.

Financing: no consensus on how to fund implementation of the treaty, especially for developing countries.

The French minister for ecological transition, Agnès Pannier-Runacher, said she was "extremely angry" at the lack of tangible results, stressing that "plastic kills". The delegate from Colombia accused "a small number of states" of having blocked the agreement, in an apparent reference to the oil-producing nations that were pushing to focus only on recycling and not on reducing production.

The talks are suspended and are expected to resume in the future, but the failure delays a crucial coordinated solution to the crisis.

Why does this also concern fashion?

Polyester is plastic. This treaty would have had a direct impact on the fashion industry, regulating toxic chemicals and the production of the synthetic fibre most used by fast fashion.

(Sources: Reuters, The Guardian)

The failure delays a crucial coordinated solution to the crisis.

If you want to know more:

🇮🇹 🔗 Read here.

🇬🇧 🔗 Read more here




SLRPNK Community Discussion - September 2025


Each month, we create a post to keep you abreast of news and happenings regarding the server, discuss recent events, and to act as town square for the community.


🌟 Community Highlights 🌟


  • !abop@slrpnk.net by @oppression_abolisher (new community, help them get it started ♥️)
  • !smolweb@slrpnk.net - Dedicated to non-commercial, lean websites and its ideals. A concept becoming ever more appealing as the mainstream web tightens the noose with further enshittification.
  • !selfhosting@slrpnk.net - Goes hand-in-hand with smol web principles. Learn how to self-host your own websites and services for a more distributed and decentralized web!


🌏 World Carfree Day / In town, without my car! Events September 21-28 🚴


World Car-Free day is September 22nd. At SLRPNK we'd like to draw a little more attention to this holiday, and see it celebrated even more widely and internationally. Like all good holidays, it has its roots in civil disobedience.

In 1961, Jane Jacobs wrote The Death and Life of Great American Cities. She was one of the organizers of demonstrations that saved a popular public park in New York City from being turned into more road for cars. She was inspired by both the Garden City and City Beautiful movements before her, and her book and methods were internationally influential.

The Netherlands had seen the precursor to car-free days as a response to oil price shocks during the Suez Crisis, and anti-car sentiment has festered due to speeding vehicles in narrow city streets. Late one night in 1968, neighbors in Groningen took pickaxes and shovels to sections of their street to create intentional barriers that cars had to slow to navigate around. Despite official resistance, the civil disobedience movement to create "Woonerfs" or "Living Streets" spread, and in 1972 the first official Woonerf was constructed in Delft.

The Dutch led the way in re-envisioning cities without cars through the 1970s, but the idea became internationally popular. People began organizing yearly car-free days, with the intention to explore other ways of organizing city life without the use of personal motor vehicles. Car-free days and automobile restraint in urban planning go hand in hand.

In one famous case in Jakarta, Indonesia, Car-free day is a weekly event. On Sunday mornings, several streets into the city are barred from use by traffic. They become popular paths for pedestrians and cyclists who come to the city for Sunday events. Initially it was planned to occur only 3 times a year in 2007, but as interest and infrastructure around the event grew, it became a weekly event only 5 years later. The streets used for this purpose have become more pedestrian-friendly as their use by pedestrians grew.

The most popular day for yearly Car-free days is September 22nd. In French-speaking countries, it is called "En ville, sans ma voiture" or "In town, without my car" - but the concept is the same. Whatever the concept is called in your locality, we would like to boost it here as a Solarpunk holiday. Check out related communities for this event:

  • !urbanism@slrpnk.net
  • !utilitycycling@slrpnk.net
  • !publictransport@slrpnk.net
  • !TacticalUrbanism@slrpnk.net


📡 Technical updates from the servers 🧑‍💻


Not many updates from the technical department, but the consistent memory leak issue returned in Lemmy 0.19.12, which forces us to regularly restart the backend, and that always comes with a short 2-3 minute downtime (and if we don't catch it on time it sometimes crashes the database, which causes issues with the XMPP auth integration).

There have been some nice improvements on our Movim instance though (OMEMO e2ee and image uploads should be more reliable now, and you can do full-text search in your chats), and we started experimenting with an XMPP server module that added Unified Push distributor support (so that you can use an XMPP app like Conversations to receive privacy-preserving push notifications). Movim also added support for small group video calls (incl. screen-sharing), but we need to improve our STUN/TURN setup a bit for the connection establishment to be more reliable.

Last but not least, some updates on the planned Piefed migration: The main blocker for re-using the bcrypt hashed passwords from the Lemmy database was resolved in Piefed, which opens the path to start doing some testing on how to migrate accounts to the Piefed database. Don't expect immediate progress though, as time is limited to work on this right now. In addition, the Hanubeki Lemmy theme we are using is also migrating to Piefed, so we will have a nice continuation of our color schemes.

💬 Open Discussion 💬


Now it’s your turn to share whatever you’d like down below; your thoughts, ideas, concerns, hopes, or anything related to the server. If you have a new community you’d like to shine a spotlight, shine away! If you’re a new user wanting to say hi, feel free to post an introduction 😀


SLRPNK Community Resources:

Community Wiki - Moderators, you can create your own Wiki here for your communities!

Movim Chat - Open to all members (use your SLRPNK login credentials)

Etherpad - Collaborative document editor

#meta


Esperanto banned at an Esperanto congress

In which language should one speak at a national Esperanto event? The question is as old as the organised Esperanto movement. People often complain about too much "crocodiling" in the national language, but at the recent assembly of Itala-Esperanto the opposite happened: the vice-president of the association was officially forbidden to speak in Esperanto.

liberafolio.org/2025/09/01/esp…

in reply to Verda Majorano ⁂

@VM Evidently the main part of the programme items was indeed in Esperanto. (The article has a link to the congress programme.) The ban on speaking Esperanto occurred during the assembly of the Italian Esperanto Federation, which was only a small part of the congress.
in reply to Libera Folio

OK, I understand, so it was only during the part reserved for members of the Italian association that people did not speak Esperanto.

I somehow misinterpreted the words «In the whole meeting up to then there were only contributions in Italian, with several foreigners who left somewhat sad.»

Now I understand that by "meeting" they only meant the assembly of the association, which, presumably, does not have many foreign members.




States fast-track wind, solar permits and contracts to beat Trump’s deadline • North Dakota Monitor


Federal clean energy tax credits have been essential to the financing of wind and solar projects across the country, and a key part of states’ plans to transition to wind and solar power.

Following President Donald Trump’s moves to quickly phase out those credits, pending projects have a tight time frame to start construction before their eligibility expires. But states have long struggled to speed up permitting decisions, reduce regulatory hurdles and add new power to the grid. And the clock is running out.

“Every month counts,” said Patty O’Keefe, Midwest regional director at Vote Solar, a clean energy advocacy nonprofit. “[The tax credits] are the financial backbone of nearly every renewable energy project that’s currently in the pipeline.”

https://northdakotamonitor.com/2025/08/31/states-fast-track-wind-solar-permits-and-contracts-to-beat-trumps-deadline/



Social Security whistleblower who claims DOGE mishandled Americans' sensitive data resigns from post


Charles Borges, the agency's chief data officer, alleged that more than 300 million Americans’ Social Security data was put at risk by DOGE officials who uploaded sensitive information to a cloud account not subject to oversight. His disclosure was submitted to the special counsel’s office on Tuesday.

“After reporting internally to management and externally to regulators, serious data and security and integrity concerns impacting our citizens’ most sensitive personal data, I have suffered exclusion, isolation, internal strife, and a culture of fear, creating a hostile work environment and making work conditions intolerable,” Borges added.

The Government Accountability Project, which is representing him in his whistleblower case, posted Borges' resignation letter on its website Friday evening. Borges declined to comment.

“He no longer felt that he could continue to work for the Social Security Administration in good conscience, given what he had witnessed,” his attorney Andrea Meza said in a statement. She added that Borges would continue to work with the proper oversight bodies on the matter.



House committee investigating the Jeffrey Epstein case has withdrawn a subpoena to Robert Mueller due to his health


The New York Times, citing a statement from Mueller's family and people close to him, reported Sunday night that Mueller had been diagnosed with Parkinson's disease in the summer of 2021 and has had difficulty speaking.


Downturn in international travel to the US may last beyond summer, experts warn


Forecasts show US losing foreign travelers

The World Travel & Tourism Council projected ahead of Memorial Day that the U.S. would be the only country among the 184 it studied where foreign visitor spending would fall in 2025. The finding was "a clear indicator that the global appeal of the U.S. is slipping," the global industry association said.

"The world's biggest travel and tourism economy is heading in the wrong direction," Julia Simpson, the council's president and CEO, said. "While other nations are rolling out the welcome mat, the U.S. government is putting up the 'closed' sign."

Travel research firm Tourism Economics, meanwhile, predicted this month that the U.S. would see 8.2% fewer international arrivals in 2025, an improvement from its earlier forecast of a 9.4% decline but well below the numbers of foreign visitors to the country before the COVID-19 pandemic.



Leaked ‘Gaza Riviera’ plan dismissed as ‘insane’ attempt to cover ethnic cleansing


A plan circulating in the White House to develop the “Gaza Riviera” as a string of high-tech megacities has been dismissed as an “insane” attempt to provide cover for the large-scale ethnic cleansing of the Palestinian territory’s population.

Named the Gaza Reconstitution, Economic Acceleration and Transformation Trust – or GREAT – the proposal was reportedly developed by some of the same Israelis who created and set in motion the US- and Israeli-backed Gaza Humanitarian Foundation (GHF) with financial planning contributed by Boston Consulting Group.

Most controversially, the 38-page plan suggests what it calls “temporary relocation of all of Gaza’s more than 2 million population” – a proposal that would amount to ethnic cleansing, potentially a genocidal act.

Palestinians would be encouraged into “voluntary” departure to another country or into restricted, secure zones during reconstruction. Those who own land would be offered “a digital token” by the trust in exchange for rights to redevelop their property, to be used to finance a new life elsewhere. Those who stay would be housed in properties with a tiny footprint of 323 sq ft – minuscule even by the standards of many non-refugee camp homes in Gaza.



Inside Jeffrey Epstein’s spy industry connections: Leaked emails show Epstein’s attempts to dabble in security tech—across borders—in the last years of his life.


::: spoiler Comments
- Hackernews.
:::

Distributed Denial of Secrets Ehud Barak emails Leak Archive.

After his first arrest for sex crimes, Jeffrey Epstein tried to get into a new line of work: surveillance. In 2015, he partnered with former Israeli Prime Minister Ehud Barak to invest in a security tech startup called Reporty Homeland Security, now known as Carbyne. Leaked emails show that Epstein was using Barak to seek out opportunities in the surveillance industry and build connections with powerful figures around the globe, including American businessman Peter Thiel, the former director of Israeli signals intelligence, and two people in Russian President Vladimir Putin's circle.

After he was first caught sexually exploiting teenage girls, Epstein had pleaded guilty to soliciting prostitution in 2008; he served a little over a year in detention. Meanwhile, he invested his wealth in bizarre projects, including a ranch to breed women with his DNA and "efforts to identify a mysterious particle that might trigger the feeling that someone is watching you," according to The New York Times.

The leaked emails show that Epstein was also interested in more mundane means of spying on and manipulating people, which overlapped with the technologies governments often pursue. This interest crossed borders.

Barak's email inbox was quietly posted by Distributed Denial of Secrets, a website widely considered to be a successor to WikiLeaks, on a file-sharing platform for verified journalists and researchers in May 2025. The contents came from Handala, a hacker group named for a Palestinian cartoon character that has been leaking files taken from senior Israeli officials for several months.

Although the emails were posted without technical metadata or cryptographic signatures that would allow their authenticity to be verified, they include dozens of images, videos, voice recordings, and scanned documents from Barak and his friends and family that have never been published elsewhere. And they include information that was not publicly known at the time of the email leaks, including a reference to Epstein's birthday book.

The emails below, which have not been published elsewhere, paint a picture of Epstein as a man very eager to be at the nexus between private money and public surveillance. While they were hammering out the Reporty investment, Epstein invited Barak to come to a meeting with Thiel, cofounder of PayPal and the surveillance contractor Palantir, in May 2014. Although Barak couldn't make that meeting, Epstein insisted that Barak "spend real time with peter thiel [sic]" and offered to set up a dinner the following month.

This entry was edited (6 days ago)

Technology Channel reshared this.



Report: Apple Demands Suppliers Switch to Robotics for Manufacturing


Apple's alleged automation mandate spans all major product categories, including the iPhone, iPad, Mac, and Apple Watch. Apple now purportedly expects suppliers to fund their own automation upgrades rather than rely on Apple to finance or subsidize the necessary capital equipment. This policy change diverges from Apple's previous approach, where the company frequently invested in tooling and machinery for contract manufacturers to meet its specifications.
#tech


Crime Festers in Republican States While Their Troops Patrol Washington


The reason of course is that the soldiers are deployed to crack down on people with dark skin having rights or accumulating assets or political power, not any kind of actual criminal activities

https://www.nytimes.com/2025/09/01/us/politics/crime-republican-states.html?unlocked_article_code=1.ik8.Mgdo.UlRrDAesGabI

in reply to silence7

Who could have possibly imagined that the true intent of this was not actually about preventing the most crime.
:/


11 Republican State AGs, file Texas lawsuit against BlackRock, Vanguard and State Street—of running “an investment cartel” to depress coal output


That came in November, filed by Texas Attorney General Ken Paxton and 10 other Republican AGs, accusing three of the biggest asset managers on Wall Street—BlackRock, Vanguard and State Street—of running “an investment cartel” to depress the output of coal and boosting their revenues while pushing up energy costs for Americans. The Trump administration’s Department of Justice and Federal Trade Commission filed a supporting brief in May.

The overall pressure campaign aimed at what’s known as “ESG” is having an impact.

“Over the past several months, through this [lawsuit] and other things, letters from elected officials, state and federal, there has been a chilling effect of what investors are saying,” said Steven Maze Rothstein, chief program officer of Ceres, a nonprofit that advocates for more sustainable business practices and was among the earliest letter recipients. Still, “investors understand that Mother Nature doesn’t know who’s elected governor, attorney general, president.”

Earlier this month, a US District Court judge in Tyler, Texas, declined to dismiss the lawsuit against the three asset managers, though he did dismiss three of the 21 counts. The judge was not making a final decision in the case, only that there was enough evidence to go to trial.



Australia’s government trial of age‑assurance tech to keep under‑16s off social media says social media age checks can be done, despite errors and privacy risks


cross-posted from: programming.dev/post/36686657

Main Report.

::: spoiler 12 Key Findings
1. Age assurance can be done in Australia privately, efficiently and effectively: Age assurance can be done in Australia – our analysis of age assurance systems in the context of Australia demonstrates how they can be private, robust and effective. There is a plethora of choice available for providers of age-restricted goods, content, services, venues or spaces to select the most appropriate systems for their use case with reference to emerging international standards for age assurance.
2. No substantial technological limitations preventing its implementation to meet policy goals: Our evaluation did not reveal any substantial technological limitations that would prevent age assurance systems being used in response to age-related eligibility requirements established by policy makers. We identified careful, critical thinking by providers on the development and deployment of age assurance systems, considering efficacy, privacy, data and security concerns. Some systems were easier for initial implementation and use than others, but the systems of all technology providers with a technology readiness level (TRL) 7 or above were eventually capable of integration to a user journey.
3. Provider claims have been independently validated against the project’s evaluation criteria: We found that the practice statements provided by age assurance providers with a TRL of 7 or above fairly reflected the technological capabilities of their products, processes or services (to the extent applicable to the Trial’s evaluation criteria). Some of the practice statements provided have needed to be clarified or developed during the course of the Trial, but we observed that they offer a useful option for transparency of the capabilities of the available age assurance systems. Those with a TRL below 7 will need further analysis when their systems mature.
4. A wide range of approaches exist, but there is no one-size-fits-all solution for all contexts: We found a plethora of approaches that fit different use cases in different ways, but we did not find a single ubiquitous solution that would suit all use cases, nor did we find solutions that were guaranteed to be effective in all deployments. The range of possibilities across the Trial participants demonstrate a rich and rapidly evolving range of services which can be tailored and effective depending on each specified context of use.
5. We found a dynamic, innovative and evolving age assurance service sector: We found a vibrant, creative and innovative age assurance service sector with both technologically advanced and deployed solutions and a pipeline of new technologies transitioning from research to minimum viable product to testing and deployment stages indicating an evolving choice and future opportunities for developers. We found private-sector investment and opportunities for growth within the age assurance services sector.
6. We found robust, appropriate and secure data handling practices: We found robust understanding of and internal policy decisions regarding the handling of personal information by Trial participants. The privacy policies and practice statements collated for the Trial demonstrate a strong commitment to privacy by design principles, with consideration of what data was to be collected, stored, shared and then disposed of. Separating age assurance services from those of relying parties was useful as Trial participants providing age assurance services more clearly only used data for the necessary and consented purpose of providing an age assurance result.
7. Systems performed broadly consistently across demographic groups, including Indigenous populations: The systems under test performed broadly consistently across demographic groups assessed and despite an acknowledged deficit in training age analysis systems with data about Indigenous populations, we found no substantial difference in the outcomes for First Nations and Torres Strait Islander Peoples and other multi-cultural communities using the age assurance systems. We found some systems performed better than others, but overall variances across race did not deviate by more than recognised tolerances.
8. There is scope to enhance usability, risk management and system interoperability: We found opportunities for technological improvement including improving ease of use for the average person and enhancing the management of risk in age assurance systems. This could include through one-way blind access to verification of government documents, enabling connection to data holder services (like digital wallets) or improving the handling of a child’s digital footprint as examples.
9. Parental control tools can be effective but may constrain children’s digital participation and evolving autonomy: The Trial found that both parental control and consent systems can be done and can be effective, but they serve different purposes. Parental control systems are pre-configured and ongoing but may fail to adapt to the evolving capacities of children including potential risks to their digital privacy as they grow and mature, particularly through adolescence. Parental consent mechanisms prompt active engagement between children and their parents at key decision points, potentially supporting informed access.
10. Systems generally align with cybersecurity best practice, but vigilance is required: We found that the systems were generally secure and consistent with information security standards, with developers actively addressing known attack vectors including AI-generated spoofing and forgeries. However, the rapidly evolving threat environment means that these systems – while presently fairly robust – cannot be considered infallible. Ongoing monitoring and improvement will help maintain their effectiveness over time. Similarly, continued attention to privacy compliance will support long-term trust and accountability.
11. Unnecessary data retention may occur in apparent anticipation of future regulatory needs: We found some concerning evidence that in the absence of specific guidance, service providers were apparently over-anticipating the eventual needs of regulators about providing personal information for future investigations. Some providers were found to be building tools to enable regulators, law enforcement or Coroners to retrace the actions taken by individuals to verify their age which could lead to increased risk of privacy breaches due to unnecessary and disproportionate collection and retention of data.
12. Providers are aligning to emerging international standards around age assurance: The standards-based approach adopted by the Trial, including through the ISO/IEC 27566 Series [Note 1], the IEEE 2089.1 [Note 2] and the ISO/IEC 25000 [Note 3] series (the Product Quality Model) all provide a strong basis for the development of accreditation of conformity assessment and subsequent certification of individual age assurance providers in accordance with Australia’s standards and conformance infrastructure.
:::





in reply to Pro

It's really gonna be over, isn't it. The anonymous free web is actually dying. RIP www, you were quite shit but had some good moments.

NZ is definitely going to follow Aus and the UK. Our bald egghead PM has expressed a lot of interest in this idea.

in reply to Pro

so much fluff in their findings. makes me think they didn't research shit.
this is gonna be terribly implemented.

their attempt won't be the end of the free web. but people will leave because they don't want their data breached by yet another bad actor. it's just making the web more dangerous instead of safer.

no one has the tech and security to handle this. it's waaaay too early. the breaches are going to be substantial and continuous.

good luck Australia. stay safe.



China’s chip startups are racing to replace Nvidia


cross-posted from: programming.dev/post/36693771



in reply to Pro

Software like wgpu makes it much easier to close the gap between various GPUs. New compute languages that are backend-agnostic are appearing, in the same vein as taichi-lang, that make it significantly easier to make high-performance gpu kernels deployable anywhere.

The compute groundwork for cross-platform tensor calculations is already here. Inference is already doable on any device. Training is not far behind. As a side-effect of this, processing on the GPU in every capacity, like physics, novel rendering techniques, or whatever else the imagination can muster, is now within grasp of "average" programmers.

If you have always been intimidated by GPU programming, I urge you to take another look now. The landscape is radically different. The software moat everyone talks about with NVIDIA is smoke-and-mirrors. CUDA is old news, though I am speaking to the actual code landscape here, not the common mental consensus.

What we lack now is cheap video cards that have high memory. I believe the current cards are overpriced by about 10 - 100x what they should be, because this profit situation is extremely temporary. Just as pens were once thousands of dollars, these compute devices will be collapsing in price.

I welcome China building cheaper video cards. Hopefully we will all benefit from it before any robot wars break out.

in reply to Pro

Weird article IMO??? Forget the startups, unless they are backed by very major players they don't stand a chance. They have their competences, but I seriously doubt competing with Nvidia on making AI chips is among them.
The players to watch are Huawei, Baidu, Tencent and the likes. Who have already been working on this for a while, and have actual working and useful products.

While Huawei is the leader, Chinese companies don’t want to rely entirely on the company.


I don't understand how that statement is supposed to make much sense? When Chinese companies were happy using Nvidia and being dependent on Nvidia. Why wouldn't they be equally happy using Huawei if it's the best option after the government has forbidden them from using Nvidia?
It may be true, but there is zero explanation why it is.

To the ones that think China can just use AMD instead, they really can't, AMD is under the same restrictions Nvidia is, and AFAIK AMD has not designed a chip to sell to China within those restrictions.

This entry was edited (5 days ago)


DDoS Dominate the Digital Battlefield: AI integration, persistent hacktivist campaigns, and nation-state actors weaponize DDoS attacks, creating unprecedented risks for organizations globally


cross-posted from: programming.dev/post/36689630

::: spoiler Key Findings
1. Geopolitical Events Trigger Unprecedented DDoS Campaigns: Major political events drove increased DDoS activity, evidenced by attack count spikes that coincide with these occurrences. These events saw hacktivist groups launching up to double the normal number of attacks in short timeframes.
2. Botnet-Driven Attacks Dominate with Increased Sophistication: Botnet-driven attacks are getting longer, more frequent, and are employing multiple attack vectors to avoid mitigation. They are targeting known vulnerabilities in IoT devices, servers, routers, and more.
3. NoName057(16) Maintains Dominance Among Familiar Threat Actors: Well-known hacktivist and attack groups, such as NoName057(16), are launching more attacks across the globe while leveraging several attack vectors.
4. New Threat Actors Emerge with DDoS-as-a-Service Capabilities: Emerging attack groups like DieNet and Keymous+ are leveraging DDoS-for-hire infrastructure to launch DDoS-as-a-service campaigns, lowering the barrier to entry and expanding the threat landscape.
5. Global DDoS Attack Volume High with Regional Variations: With more than 8 million recorded attacks globally in the first half of 2025, DDoS attack volume remains massive. The attacks also show sustained intensity, reaching speeds of 3.12 Tbps and 1.5 Gpps.
:::

DDoS attacks are no longer just a nuisance, they’re a weapon of geopolitical influence. In the first half of 2025 alone, more than 8 million attacks were recorded globally, with threat actors leveraging AI, botnets, and DDoS-for-hire services to launch increasingly sophisticated and sustained campaigns.

::: spoiler Report Highlights
- DDoS-Capable Botnets;
- Country Analysis;
- DDoS Attack Vectors;
- Global Highlights;
- Industry Analysis.
:::







We Deserve Way, Way More Time Off


There is much more to life than work. We all have families, friends, and a beautiful world to enjoy. We need more time off to enjoy it.


California’s Democratic governor leads the charge in expanding state repression


On August 28 and 29, California Governor Gavin Newsom unveiled two sweeping initiatives that together mark a sharp rightward turn in state policy and expose the Democratic Party’s deepening complicity in the destruction of democratic rights. As he portrays himself as a bulwark against President Trump, Newsom is in fact laying the foundation for a massive expansion of state power against the working class and the poor.

Under the guise of public safety and compassion, the Democratic governor has placed the California Highway Patrol (CHP) at the center of two major new enforcement regimes: a statewide “crime suppression” expansion and a “homeless encampment clearance” task force.

These measures are being marketed as alternatives to Trump’s deployments of federal forces into major U.S. cities, but in substance, they mirror their basic functions. Far from opposing the authoritarian measures emanating from Washington, Newsom’s actions mimic them, signaling a growing alignment between the Democratic Party and the Trump administration on the fundamental issue: the use of state repression to deal with the social crisis created by capitalism.



Leaked emails link NHS data privatiser Palantir to Jeffrey Epstein


In 2023, the then-Conservative government awarded Palantir with a £330m contract to “build a new NHS data platform”. The move proved controversial because Palantir is a US spy tech firm and its co-founder Peter Thiel is a prominent Trump donor with links to convicted sex offender Jeffrey Epstein. Now, a trove of leaked emails have shone further light on Thiel’s connections.


I set up a Mastodon relay - anyone want to help me test?


I set up a Mastodon relay - anyone want to help me test by adding it to their instance? Would help me know if the "Recent jobs" stat is working (I think it requires 2 instances at minimum to show jobs) and if adding to instances (outside of my own) is working properly and how traffic looks.



We are stopping shipments to the US - Kiwix


Guess why...
