Technology

cross-posted from: https://lemmy.ca/post/35754549

Youtube

Archived version

The Russian disinformation network “Matryoshka” has launched a new campaign on the Bluesky social network. Eliot Higgins, founder of the investigative journalism group Bellingcat, has been one of the first researchers to detect its activity. So far, four Russian-made fake videos have been identified on the platform.

Each disinformation video begins with a real person — a professor, a student from a top university, or a recognized expert — introducing themselves and beginning to speak on a topic unrelated to Russia’s war in Ukraine. The footage then transitions to segments that do not show the speaker on screen — while what sounds like their voice continues narrating. In these moments, the speaker seems to promote claims that the West should end its support for Ukraine, that Europe should align its future with Russia, and that Volodymyr Zelensky is a dictator — or even a vampire.

[...]

The videos circulating on Bluesky had previously appeared on X, according to the Bot Blocker project (@antibot4navalny), which first uncovered and detailed the workings of the Matryoshka network in early 2024.

[...]

I just set up my Loops account in order to beta test the iOS app.

Uploaded my first video here: https://loops.video/v/5s_wUUCHsZ

So far so good.

Archived link

Opinionated article by Alexander Hanff, a computer scientist and privacy technologist who helped develop Europe's GDPR (General Data Protection Regulation) and ePrivacy rules.

We cannot allow Big Tech to continue to ignore our fundamental human rights. Had such an approach been taken 25 years ago in relation to privacy and data protection, arguably we would not have the situation we have to today, where some platforms routinely ignore their legal obligations at the detriment of society.

Legislators did not understand the impact of weak laws or weak enforcement 25 years ago, but we have enough hindsight now to ensure we don’t make the same mistakes moving forward. The time to regulate unlawful AI training is now, and we must learn from mistakes past to ensure that we provide effective deterrents and consequences to such ubiquitous law breaking in the future.

Albania's prime minister has announced the government intends to block access to TikTok for one year after the killing of a schoolboy last month raised fears about the influence of social media on children.

Speaking on Saturday Edi Rama declared the proposed ban would start in January.

[...]

The blocking of TikTok comes less than a month after the 14-year-old student was killed and another injured in a fight near a school in southern Tirana which had its roots in a confrontation on social media.

The killing sparked a debate in Albania among parents, psychologists and educational institutions about the impact of social networks on young people.

"In China, TikTok promotes how students can take courses, how to protect nature, how to keep traditions, but on the TikTok outside China we see only scum and mud. Why do we need this?", Rama said.

TikTok is already banned in India, which was one of the app's largest markets before it was outlawed in June 2020. It is also blocked in Iran, Nepal, Afghanistan and Somalia.

TikTok is also fighting against a law passed by the US Congress which would ban the app from 19 January unless it is sold by ByteDance - its Chinese parent

company.

Archived version

Download study (pdf)

GitHub, the de-facto platform for open-source software development, provides a set of social-media-like features to signal high-quality repositories. Among them, the star count is the most widely used popularity signal, but it is also at risk of being artificially inflated (i.e., faked), decreasing its value as a decision-making signal and posing a security risk to all GitHub users.

A recent paper by Cornell University published on Arxiv, the researchers present a systematic, global, and longitudinal measurement study of fake stars in GitHub: StarScout, a scalable tool able to detect anomalous starring behaviors (i.e., low activity and lockstep) across the entire GitHub metadata.

Analyzing the data collected using StarScout, they find that:

(1) fake-star-related activities have rapidly surged since 2024

(2) the user profile characteristics of fake stargazers are not distinct from average GitHub users, but many of them have highly abnormal activity patterns

(3) the majority of fake stars are used to promote short-lived malware repositories masquerading as pirating software, game cheats, or cryptocurrency bots

(4) some repositories may have acquired fake stars for growth hacking, but fake stars only have a promotion effect in the short term (i.e., less than two months) and become a burden in the long term.

The study has implications for platform moderators, open-source practitioners, and supply chain security researchers.

Archived

Here is the report (pdf) -- (archived)

Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.

The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.

[Edit to insert the original link to the Oasis site.]

Brian Merchant and Paris Marx are back with the very first guest of System Crash: Molly White! With Molly’s help, we walk through the biggest stories in the crypto world. We explore the resurgence of crypto, how its backers influenced the election and won Trump’s favor, what the crypto industry wants from the incoming administration—and how it plans to wield power.

The gig economy’s labor model and its algorithmic management technologies now have a foothold in one of the largest labor sectors in the country: health care. On-demand nursing companies such as CareRev, Clipboard Health, ShiftKey, and ShiftMed have promised hospitals more control and nurses more flexibility. Through original interviews with 29 “gig” nurses and nursing assistants, this brief finds that these apps encourage nurses to work for less pay, fail to provide certainty about scheduling and the amount or nature of work, take little to no accountability for worker safety, and can threaten patient well-being by placing nurses in unfamiliar clinical environments with no onboarding or facility training. On-demand nursing platforms are also using the Uber playbook to lobby state legislatures in an attempt to exempt themselves from existing labor regulations. In the wake of the COVID-19 pandemic, nurses have fled the profession as a result of poor working conditions, creating what some have incorrectly identified as a “nursing shortage.” As gig nursing platforms falsely promise to empower workers and meet their needs, it is up to legislators, policymakers, civic leaders, and community organizations to act to solve the real problems at the root of this crisis.

Original article paywalled

Authorities in the US are considering a ban on TP-Link internet routers over national security concerns due to their repeated links to Chinese cyberattacks. Investigators at the Commerce, Defense, and Justice departments have all launched probes into the company [...] with TP-Link reportedly being subpoenaed by an office of the Commerce Department.

[...]

TP-Link holds roughly 65 percent of the US router market for homes and small businesses, and its internet communications products are used by the Defense Department and other federal government agencies. The company’s market dominance is at least partly driven by the extreme low cost of its routers. The US Justice Department is investigating whether TP-Link sells products for less than they cost to produce in violation of a law that prohibits attempts at monopolies.

[...]

Study download: Progress in Diversifying the Global Solar PV Supply Chain (pdf)

TLDR:

Until the end of this decade, China and Chinese manufacturers will retain some domination over the global solar PV chain. However, the global solar PV supply chain is becoming more robust thanks to the diversification of crystalline silicon modules manufacturing capacity in the United States, Europe, Southeast Asia, and India, according to a report by Japan's Renewable Energy Institute.

In the 2030s, improvements in solar PV recycling and the widespread adoption of new technologies like perovskite cells, which development is led by China (glass substrate) and Japan (film substrate), will provide new opportunities to further diversify the global solar PV supply chain.

This progress will strengthen worldwide energy security and facilitate the much-needed acceleration of the energy transition.

Geographic concentration of the global solar supply chain exposes the supply chain to some drawbacks, the report finds. The potential disruption risks associated with this type of concentration include natural hazards such as earthquakes and fires, and extreme weather events such as drought and flooding. "For instance, in 2020 and 2022, the global production of polysilicon was reduced because of flooding and fire issues at a handful of Chinese plants," the study says.

The report also mentions both the situation in China's Xinjiang region and Uyghur forced labour as well as China's coal intensity as concerns with China's dominance of global solar supply chain as main drivers of diversification. While citing "human rights violations, unfair trade practices, and environmental pollution," the study criticizes that "the lack of transparency [across supply chains within China] has made it increasingly difficult to verify whether supply chains are free from risk of Uyghur forced labor and reduces trust in the solar industry."

Key Findings:

• As of September 2024, 99% of the world’s solar PV modules manufacturing capacity was based on crystalline silicon because this technology is inexpensive, performant, and durable. Approximately three-fourths of the economic value of crystalline silicon modules come from four minerals: silicon, silver, aluminum, and copper, which productions are generally not excessively geographically concentrated.

• Throughout the entire solar PV supply chain (i.e., polysilicon, ingots, wafers, cells, and modules), the shares of China and Chinese manufacturers often largely exceeded 80% and they were sometimes close to 100%. It is undesirable for any supply chain to be so dependent on a single country. This is the reason why diversification efforts are led across the world (e.g., United States, Europe, Japan, Southeast Asia and India).

• The Chinese industry dominates the solar PV supply chain because it has managed to maximize economies of scale and because it is well-organized around vertically integrated companies. Moreover, the Chinese solar PV industry is innovative and effectively supported by its government. Also, it benefits from affordable electricity prices, which is critical as solar PV manufacturing is electricity intensive.

• The Chinese solar PV industry is confronted with harsh criticisms due to human rights violations, unfair trade practices, and environmental pollution due to its reliance on coal power. Furthermore, China’s aggressive export strategy is blamed for solar PV products oversupply resulting in rock-bottom prices and economic losses.

• In the United States, a combination of subsidies (i.e., tax credits) and protectionist measures have been implemented. Many new projects have been announced, they now need to be realized.

• Europe tries to balance its own interests between increasing its manufacturing capacity and taking advantage of cheap Chinese imports. So far, priority has been given to demand over domestic supply as reducing electricity prices and greenhouse gas emissions are deemed more urgent issues.

• Japan puts the emphasis on perovskite cells, a promising technology that is not fully ready for commercial deployment yet. This strategy should, however, not be used as an excuse for not more proactively installing crystalline silicon. Affordable and rapid decarbonization does not need to wait for perovskite to become mainstream.

• Despite catching less attention, Southeast Asia and India significantly contribute to the diversification of the solar PV supply chain. In Southeast Asia, labor costs are low, and energy is subsidized. In India domestic-content requirements and customs duties have been implemented.

• In addition to these efforts, solar PV recycling and new technologies, like perovskite, hold the potential to be alternatives to Chinese crystalline silicon modules in the 2030s. To take off, these solutions need more governmental support.

Seen on Bluesky minutes ago.

From the mission page:

We're betting on services built on open protocols like ActivityPub and ATProto, and focused on making it easier to connect and move between platforms. We will work directly with developers to continue ensuring competition in the open social web, with a focus on advocating for users every step of the way.