Technology


A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

Hey Beeple and visitors to Beehaw: I think we need to have a discussion about [email protected], community culture, and moderation. First, some of the reasons that I think we need to have this conversation.

  1. Technology got big fast and has stayed Beehaw's most active community.
  2. Technology gets more reports (about double in the last month by a rough hand count) than the next highest community that I moderate (Politics, and this is during election season in a month that involved a disastrous debate, an assassination attempt on a candidate, and a major party's presumptive nominee dropping out of the race).
  3. For a long time, I and other mods have felt that Technology at times isn’t living up to the Beehaw ethos. More often than I like I see comments in this community where users are being abusive or insulting toward one another, often without any provocation other than the perception that the other user’s opinion is wrong.

Because of these reasons, we have decided that we may need to be a little more hands-on with our moderation of Technology. Here’s what that might mean:

  1. Mods will be more actively removing comments that are unkind or abusive, that involve personal attacks, or that just have really bad vibes.
    a. We will always try to be fair, but you may not always agree with our moderation decisions. Please try to respect those decisions anyway. We will generally try to moderate in a way that is a) proportional, and b) gradual.
    b. We are more likely to respond to particularly bad behavior from off-instance users with pre-emptive bans. This is not because off-instance users are worse, or less valuable, but simply that we aren't able to vet users from other instances and don't interact with them with the same frequency, and other instances may have less strict sign-up policies than Beehaw, making it more difficult to play whack-a-mole.
  2. We will need you to report early and often. The drawbacks of getting reports for something that doesn't require our intervention are outweighed by the benefits of us being able to get to a situation before it spirals out of control. By all means, if you’re not sure if something has risen to the level of violating our rule, say so in the report reason, but I'd personally rather get reports early than late, when a thread has spiraled into an all out flamewar.
    a. That said, please don't report people for being wrong, unless they are doing so in a way that is actually dangerous to others. It would be better for you to kindly disagree with them in a nice comment.
    b. Please, feel free to try and de-escalate arguments and remind one another of the humanity of the people behind the usernames. Remember to Be(e) Nice even when disagreeing with one another. Yes, even Windows users.
  3. We will try to be more proactive in stepping in when arguments are happening and trying to remind folks to Be(e) Nice.
    a. This isn't always possible. Mods are all volunteers with jobs and lives, and things often get out of hand before we are aware of the problem due to the size of the community and mod team.
    b. This isn't always helpful, but we try to make these kinds of gentle reminders our first resort when we get to things early enough. It’s also usually useful in gauging whether someone is a good fit for Beehaw. If someone responds with abuse to a gentle nudge about their behavior, it’s generally a good indication that they either aren’t aware of or don’t care about the type of community we are trying to maintain.

I know our philosophy posts can be long and sometimes a little meandering (personally that's why I love them) but do take the time to read them if you haven't. If you can't/won't or just need a reminder, though, I'll try to distill the parts that I think are most salient to this particular post:

  1. Be(e) nice. By nice, we don't mean merely being polite, or in the surface-level "oh bless your heart" kind of way; we mean be kind.
  2. Remember the human. The users that you interact with on Beehaw (and most likely other parts of the internet) are people, and people should be treated kindly and in good-faith whenever possible.
  3. Assume good faith. Whenever possible, and until demonstrated otherwise, assume that users don't have a secret, evil agenda. If you think they might be saying or implying something you think is bad, ask them to clarify (kindly) and give them a chance to explain. Most likely, they've communicated themselves poorly, or you've misunderstood. After all of that, it's possible that you may disagree with them still, but we can disagree about Technology and still give one another the respect due to other humans.

I just received notice about this as being a potential Class Member.


Saudi Arabia is hosting a major United Nations conference on internet governance while dozens of people remain imprisoned for peaceful online speech, Human Rights Watch said today. The 19th annual meeting of the Internet Governance Forum (IGF) will be held from December 15 to 19 in Riyadh, under the theme of “Building our Multistakeholder Digital Future.” The annual forum features multistakeholder policy dialogue on internet-related public policy issues.

“Saudi authorities have engaged in a sustained assault on online freedom of expression, yet are now playing hosts to a global internet conference,” said Joey Shea, Saudi Arabia researcher at Human Rights Watch. “If the Saudi government is indeed serious about digital rights, the authorities should immediately release the scores of activists imprisoned for online freedom of expression.”

[...]

Many are charged under Saudi Arabia’s abusive counterterrorism law, and the authorities conduct invasive surveillance of civil society members at home and abroad.

[...]


Meta, the parent company of Facebook and Instagram, has donated $1m (£786,000) to an inauguration fund for President-elect Donald Trump.

The tech giant's boss, Mark Zuckerberg, dined with Trump at his Mar-a-Lago resort in November, having sought to repair his and his firm's relationship with Trump following the election.

Trump has previously been highly critical of Mr Zuckerberg and Facebook - calling the platform "anti-Trump" in 2017.

Meta is not believed to have made similar donations to President Joe Biden's inaugural fund in 2020 or to Trump's previous inaugural fund in 2016.

The company confirmed its million-dollar donation to the inaugural fund to several outlets on Wednesday.


Original version in German and behind paywall.

Buyers of solar modules from China may have to get used to higher prices. According to a report by the German newspaper Frankfurter Allgemeine Zeitung (FAZ), China’s solar companies have merged into a kind of cartel. The agreement aims to limit production in that there should be quotas based on the market share of the participating groups.

Experts say the initiative is similar to OPEC, the organization of oil exporting countries, just for solar modules.

A total of 33 companies, which account for around 90 percent of China’s production of solar modules, have agreed to reduce their production, the FAZ reports, quoting the Chinese business newspaper Yicai. Other reports also mentioned lower prices. The corporations apparently even agreed on an enforcement mechanism. The industry association will visit the factories to determine the exact capacities. Anyone who wants to start new factories in the future must shut down old ones.

In addition, penalties were agreed for breaches of contract. Companies that were among the early signatories of the pact would be favoured and receive higher production quotas. The German paper, however, also points out that the reports and industry rumours are currently not verifiable.

The move by China’s PV sector follows a similar move by its wind energy majors, who have also promised to collaborate to weed out ‘irrational pricing’ from the market for the broader good of the industry, as per Business Times Singapore.

China’s solar majors dominate the global PV sector as well, and have faced a series of strong headwinds in the past 15 months, facing a perfect storm of overcapacity, followed by high inventory levels, price crashes and now protective tariffs in many key markets, notably India, the US and possibly Europe soon.

[Edit typo.]


Python security developer-in-residence decries use of bots that 'cannot understand code'

Software vulnerability submissions generated by AI models have ushered in a "new era of slop security reports for open source" – and the devs maintaining these projects wish bug hunters would rely less on results produced by machine learning assistants.

Seth Larson, security developer-in-residence at the Python Software Foundation, raised the issue in a blog post last week, urging those reporting bugs not to use AI systems for bug hunting.

"Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects," he wrote, pointing to similar findings from the Curl project in January. "These reports appear at first glance to be potentially legitimate and thus require time to refute."

Larson argued that low-quality reports should be treated as if they're malicious.

As if to underscore the persistence of these concerns, a Curl project bug report posted on December 8 shows that nearly a year after maintainer Daniel Stenberg raised the issue, he's still confronted by "AI slop" – and wasting his time arguing with a bug submitter who may be partially or entirely automated.

In response to the bug report, Stenberg wrote:

We receive AI slop like this regularly and at volume. You contribute to [the] unnecessary load of Curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it. Now and going forward.

You submitted what seems to be an obvious AI slop 'report' where you say there is a security problem, probably because an AI tricked you into believing this. You then waste our time by not telling us that an AI did this for you and you then continue the discussion with even more crap responses – seemingly also generated by AI.

Spammy, low-grade online content existed long before chatbots, but generative AI models have made it easier to produce the stuff. The result is pollution in journalism, web search, and of course social media.

For open source projects, AI-assisted bug reports are particularly pernicious because they require consideration and evaluation from security engineers – many of them volunteers – who are already pressed for time.

Larson told The Register that while he sees relatively few low-quality AI bug reports – fewer than ten each month – they represent the proverbial canary in the coal mine.

"Whatever happens to Python or pip is likely to eventually happen to more projects or more frequently," he warned. "I am concerned mostly about maintainers that are handling this in isolation. If they don't know that AI-generated reports are commonplace, they might not be able to recognize what's happening before wasting tons of time on a false report. Wasting precious volunteer time doing something you don't love and in the end for nothing is the surest way to burn out maintainers or drive them away from security work."

Larson argued that the open source community needs to get ahead of this trend to mitigate potential damage.

"I am hesitant to say that 'more tech' is what will solve the problem," he said. "I think open source security needs some fundamental changes. It can't keep falling onto a small number of maintainers to do the work, and we need more normalization and visibility into these types of open source contributions.

"We should be answering the question: 'how do we get more trusted individuals involved in open source?' Funding for staffing is one answer – such as my own grant through Alpha-Omega – and involvement from donated employment time is another."

While the open source community mulls how to respond, Larson asks that bug submitters not submit reports unless they've been verified by a human – and don't use AI, because "these systems today cannot understand code." He also urges platforms that accept vulnerability reports on behalf of maintainers to take steps to limit automated or abusive security report creation.


Archived version

Researchers at the Lookout Threat Lab have discovered a surveillance family, dubbed EagleMsgSpy, used by law enforcement in China to collect extensive information from mobile devices. Lookout has acquired several variants of the Android-targeted tool; internal documents obtained from open directories on attacker infrastructure also allude to the existence of an iOS component that has not yet been uncovered.

  • EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China.
  • Early samples indicate the surveillance tool has been operational since at least 2017, with development continued into late 2024.
  • The surveillanceware consists of two parts: an installer APK, and a surveillance client that runs headlessly on the device when installed.
  • EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recording and screenshot capture, audio recordings, call logs, device contacts, SMS messages, location data, network activity.
  • Infrastructure overlap and artifacts from open command and control directories allow us to attribute the surveillanceware to Wuhan Chinasoft Token Information Technology Co., Ltd. (武汉中软通证信息技术有限公司) with high confidence.
  • EagleMsgSpy appears to require physical access to a target device in order to activate the information gathering operation by deploying an installer module that's then responsible for delivering the core payload.

Connections to other Chinese Surveillanceware Apps

Infrastructure sharing SSL certificates with EagleMsgSpy C2 servers was also used by known Chinese surveillance tools in earlier campaigns, the report says.

A sample of CarbonSteal - a surveillance tool discovered by Lookout and attributed to Chinese APTs - was observed communicating with another IP tied to the EagleMsgSpy SSL certificate, 119.36.193[.]210. This sample, created in July 2016, masquerades as a system application called “AutoUpdate”.

In a 2020 threat advisory, Lookout researchers detailed CarbonSteal activity in campaigns targeting minorities in China, including Uyghurs and Tibetans.

Significant overlap in signing certificates, infrastructure and code was observed between CarbonSteal and other known Chinese surveillance, including Silkbean, HenBox, DarthPusher, DoubleAgent and PluginPhantom.


cross-posted from: https://beehaw.org/post/17509380

Archived

Here is the full report (pdf, 28 pages)

China is rapidly advancing its global propaganda strategies through international communication centers (ICCs), with over 100 centers established since 2018 — most since 2023. These centers aim to amplify the Chinese Communist Party's (CCP) voice on the international stage, targeting specific audiences with tailored messaging (a strategy known as “precise communication”). ICCs coordinate local, national, and international resources to build China's image, share political narratives, and promote economic partnerships.

By leveraging inauthentic social media amplification, foreign influencers, and collaborations with overseas media, ICCs advance China’s multi-layered propaganda approach. For instance, Fujian's ICC reportedly manages TikTok accounts targeting Taiwanese audiences, likely including a covert account that is highly critical of the Taiwan government called Two Tea Eggs. On YouTube, the same ICC promotes videos of Taiwanese individuals praising China. These centers are strategically positioned to promote China's interests during geopolitical crises, despite challenges like limited credibility and resource constraints.

[...]

ICCs employ various tactics to achieve their objectives. Social media operations form a core component of their strategy, with thousands of accounts active across platforms like Facebook, YouTube, and TikTok. Many of these accounts lack transparency about their state affiliations, enabling covert influence campaigns. Additionally, ICCs leverage foreign influencers and “communication officers” to amplify China’s narratives through user-generated content, vlogs, and experiential propaganda.

Collaboration with overseas media organizations further enhances ICCs' reach and legitimacy. Through actions like organizing foreign journalist visits to China, ICCs create an impression of organic coverage and offer an alternative to Western narratives. These partnerships — reportedly established in Australia, Brazil, Cambodia, Egypt, France, Japan, Russia, the United States, and elsewhere — are complemented by localized propaganda activities that align with China’s economic and geopolitical interests.

[...]


cross-posted from: https://lemmy.world/post/22994927

On Tuesday, an international team of researchers unveiled BadRAM, a proof-of-concept attack that completely undermines security assurances that chipmaker AMD makes to users of one of its most expensive and well-fortified microprocessor product lines. Starting with the AMD Epyc 7003 processor, a feature known as SEV-SNP—short for Secure Encrypted Virtualization and Secure Nested Paging—has provided the cryptographic means for certifying that a VM hasn’t been compromised by any sort of backdoor installed by someone with access to the physical machine running it.


Friends, please help me out with this frustrating issue. There are green crosshair highlights showing up every time I click on a cell in an Excel spreadsheet (the row and column corresponding to that particular cell are automatically highlighted). It's extremely distracting, and what baffles me is that many of the online solutions and videos are not helping! I have tried pressing Escape many times, have tried this after rebooting the device and the Excel application, and have tried clearing conditional formatting. Further, I am not seeing any of the "Enable Pointer Shadow" or other setting descriptions under my Excel Advanced Display options, contrary to the instructions provided on ChatGPT and YouTube videos. Thank you for any help you can share!


Archived

It's no secret that President Xi Jinping's government uses technology companies to help maintain the nation's massive surveillance apparatus.

But in addition to forcing businesses operating in China to stockpile and hand over info about their users for censorship and state-snooping purposes, a black market for individuals' sensitive data is also booming. Corporate and government insiders have access to this harvested private info, and the financial incentives to sell the data to fraudsters and crooks to exploit.

...

"The data is being collected by rich and powerful people that control technology companies and work in the government, but it can also be used against them in all of these scams and fraud and other low-level crimes," [SpyCloud infosec researcher Aurora] Johnson says.

...

To get their hands on the personal info, Chinese data brokers often recruit shady insiders with wanted ads seeking "friends" working in government, and promise daily income of 20,000 to 70,000 yuan ($2,700 and $9,700) in exchange for harvested information. This data is then used to pull off scams, fraud, and suchlike.

Some of these data brokers also claim to have "signed formal contracts" with the big three Chinese telecom companies: China Mobile, China Unicom, and China Telecom. The brokers' marketing materials tout they are able to legally obtain and sell details of people's internet habits via the Chinese telcos' deep packet inspection systems, which monitor as well as manage and store network traffic. (The West has also seen this kind of thing.)

Crucially, this level of surveillance by the telcos gives their employees access to users' browsing data and other info, which workers can then swipe and then resell themselves through various brokers.

...

"There is a huge ecosystem of Chinese breached and leaked data, and I don't know that a lot of Western cybersecurity researchers are looking at this," Johnson continued. "It poses privacy risks to all Chinese people across all groups. And then it also gives us Western cybersecurity researchers a really interesting source to track some of these actors that have been targeting critical infrastructure."
