After a 7.1 tremor struck southwestern Japan on Thursday, the country's meteorological agency issued its first-ever alert for a possible "megaquake." It marks the first time the warning has been issued under new rules drawn up after a 2011 earthquake, tsunami and nuclear disaster killed almost 20,000 people. Phys.org reports: The JMA's "megaquake advisory" warns that "if a major earthquake were to occur in the future, strong shaking and large tsunamis would be generated." "The likelihood of a new major earthquake is higher than normal, but this is not an indication that a major earthquake will definitely occur during a specific period of time," it added. The advisory concerns the Nankai Trough "subduction zone" between two tectonic plates in the Pacific Ocean, where massive earthquakes have hit in the past. [...]

Japan's government has previously said the next magnitude 8-9 megaquake along the Nankai Trough has a roughly 70 percent probability of striking within the next 30 years. In the worst-case scenario 300,000 lives could be lost, experts estimate, with some engineers saying the damage could reach $13 trillion with infrastructure wiped out. "The history of great earthquakes at Nankai is convincingly scary," geologists Kyle Bradley and Judith A Hubbard wrote in their Earthquake Insights newsletter. And "while earthquake prediction is impossible, the occurrence of one earthquake usually does raise the likelihood of another", they explained. "A future great Nankai earthquake is surely the most long-anticipated earthquake in history -- it is the original definition of the 'Big One'."

Bruce66423 writes: Sellafield [U.K.'s largest nuclear site] has apologised after pleading guilty to criminal charges relating to a string of cybersecurity failings at Britain's most hazardous nuclear site, which it admitted could have threatened national security.

Among the failings at the vast nuclear waste dump in Cumbria was the discovery that 75% of its computer servers were vulnerable to cyber-attacks, Westminster magistrates court in London heard. Information that could threaten national security was left exposed for four years, the nuclear watchdog revealed, and Sellafield said it had been performing critical IT health checks that were not, in fact, being carried out.

The Guardian's investigation also revealed concerns about external contractors being able to plug memory sticks into Sellafield's system while unsupervised and that its computer servers were deemed so insecure that the problem was nicknamed Voldemort after the Harry Potter villain because it was so sensitive and dangerous.

The good news is that the problem has been spotted. The bad news is that there can be no meaningful punishment for a government owned company. One can only hope that they will do better in the future.

Microsoft researchers said on Friday that Iran government-tied hackers tried breaking into the account of a "high ranking official" on the U.S. presidential campaign in June, weeks after breaching the account of a county-level U.S. official. From a report: The breaches were part of Iranian groups' increasing attempts to influence the U.S. presidential election in November, the researchers said in a report that did not provide any further detail on the "official" in question.

The report follows recent statements by senior U.S. Intelligence officials that they'd seen Iran ramp up use of clandestine social media accounts with the aim to use them to try to sow political discord in the United States. Iran's mission to the United Nations in New York told Reuters in a statement that its cyber capabilities were "defensive and proportionate to the threats it faces" and that it had no plans to launch cyber attacks.

Security researcher Grant Smith uncovered a large-scale smishing scam where scammers posing as the USPS tricked victims into providing their credit card details through fake websites. Smith hacked into the scammers' systems, gathered evidence, and collaborated with the USPS and a US bank to protect over 438,000 unique credit cards from fraudulent activity. Wired reports: The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she'd inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers. Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people's cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States -- California, the state with the most, had 141,000 entries -- with more than 1.2 million pieces of information being entered in total. "This shows the mass scale of the problem," says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

FTX has been ordered to pay $12.7 billion in relief to its customers, according to the Commodity Futures Trading Commission (CFTC). In a statement, CFTC Chairman Rostin Behnam said the crypto exchange drew customers in with "an illusion that it was a safe and secure place to access crypto markets," then misappropriated their customer deposits to make its own risky investments. Reuters reports: The repayment order implements a settlement between the CFTC and the bankrupt crypto exchange, which has committed to a bankruptcy liquidation that will repay customers whose deposits were locked during its late 2022 collapse. FTX has said that its customers will receive 100% recovery on their claims against the company, based on the value of their accounts at the time it filed for bankruptcy. The CFTC agreement resolves a potential roadblock to that repayment, ensuring that the government's lawsuit against FTX will not reduce the funds available to its customers. The CFTC agreed not to collect any payment from FTX until all its customers are repaid, with interest.

The CFTC settlement requires FTX to pay $8.7 billion in restitution and $4 billion in disgorgement, which will be used to further compensate victims for losses suffered during the exchange's collapse. [...] FTX is currently soliciting votes on its bankruptcy proposal but faces opposition from some customers who feel short-changed by the decision to repay them based on much-lower cryptocurrency prices from November 2022. Votes are due on Aug. 16, and FTX intends to seek final approval of its wind-down plan on Oct. 7.

An anonymous reader quotes a report from The Guardian: Amazon's $4 billion investment into US artificial intelligence startup Anthropic is to be examined in the latest investigation into technology tie-ups by the UK's competition watchdog. The Competition and Markets Authority (CMA) said on Thursday that it was launching a preliminary investigation into the deal, before deciding whether to refer it for an in-depth review. The deal, announced in March, included a $4 billion investment in Anthropic from Amazon, and a commitment from Anthropic to use Amazon Web Services "as its primary cloud provider for mission critical workloads, including safety research and future foundation model development." The regulator said it was "considering whether it is or may be the case that Amazon's partnership with Anthropic has resulted in the creation of a relevant merger situation." "We are an independent company. Our strategic partnerships and investor relationships do not diminish our corporate governance independence or our freedom to partner with others," said an Anthropic spokesperson said in a statement. "Amazon does not have a seat on Anthropic's board, nor does it have any board observer rights. We intend to cooperate with the CMA and provide them with a comprehensive understanding of Amazon's investment and our commercial collaboration."

The founder of Cambridge-based Riverlane, Steve Brierley, predicts quantum computing will have its "Sputnik" breakthrough within years. "Quantum computing is not going to be just slightly better than the previous computer, it's going to be a huge step forward," he said. Phys.org reports: His company produces the world's first dedicated quantum decoder chip, which detects and corrects the errors currently holding the technology back. In a sign of confidence in Riverlane's work and the sector in general, the company announced on Tuesday that it had raised $75 million in Series C funding, typically the last round of venture capital financing prior to an initial public offering. "Over the next two to three years, we'll be able to get to systems that can support a million error-free operations," said Earl Campbell, vice president of quantum science at Riverlane. This is the threshold where a quantum computer should be able to perform certain tasks better than conventional computers, he added.

Quantum computers are "really good at simulating other quantum systems", explained Brierley, meaning they can simulate interactions between particles, atoms and molecules. This could open the door to revolutionary medicines and also promises huge efficiency improvements in how fertilizers are made, transforming an industry that today produces around two percent of global CO2 emissions. It also paves the way for much more efficient batteries, another crucial weapon in the fight against climate change. "I think most people are more familiar with exponential after COVID, so we know how quickly something that's exponential can spread," said Campbell, inside Riverlane's testing lab, a den of oscilloscopes and chipboards. [...]

While today's quantum computers can only perform around 1,000 operations before being overwhelmed by errors, the quality of the actual components has "got to the point where the physical qubits are good enough," said Brierley. "So this is a super exciting time. The challenge now is to scale up... and to add error correction into the systems," he added. Such progress, along with quantum computing's potential to crack all existing cryptography and create potent new materials, is spurring regulators into action. "There's definitely a scrambling to understand what's coming next in technology. It's really important that we learn the lessons from AI, to not be surprised by the technology and think early about what those implications are going to be," said Brierley. "I think there will ultimately be regulation around quantum computing, because it's such an important technology. And I think this is a technology where no government wants to come second."

An anonymous reader quotes a report originally published by Business Insider: A Chinese state-backed company has launched its first 18 satellites in its bid to build a vast orbital network aimed at rivaling Starlink, according to local media. The launch on Monday by Shanghai Spacecom Satellite Technology involved 18 satellites and one rocket, per The China Securities Journal, which is run by state news agency Xinhua. According to the outlet, the rocket lifted off from the Taiyuan satellite and missile launch center in Shanxi province.

These satellites mark the first step in the company's effort to create a 15,000-strong network of Low Earth Orbit satellites, which the firm has dubbed the "Thousand Sails Constellation." The company said it plans to reach that final tally by 2030, per The China Securities Journal. Domestic media has widely called the project the Chinese version of Starlink, which runs about 6,000 satellites. Elon Musk has said that he plans to eventually host a network of 42,000 satellites.

The Thousand Sails Constellation, also known as the G60 project, is one of three planned major satellite networks in the country. Each is expected to field 10,000 or more satellites. Most are anticipated to orbit between 200 and 1,200 miles above the Earth's surface, which is also where Starlink satellites are generally found. The three constellations, along with dozens of ambitious space projects from other Chinese firms, have been fueled by a recent push from the central government to loop the private sector into its science and technology goals.

An anonymous reader quotes a report from the Associated Press: The government of Australia's most populous state ordered all public employees to work from their offices by default beginning Tuesday and urged stricter limits on remote work, after news outlets provoked a fraught debate about work-from-home habits established during the pandemic. Chris Minns, the New South Wales premier, said in a notice to agencies Monday that jobs could be made flexible by means other than remote working, such as part-time positions and role sharing, and that "building and replenishing public institutions" required "being physically present." His remarks were welcomed by business and real estate groups in the state's largest city, Sydney, who have decried falling office occupancy rates since 2020, but denounced by unions, who pledged to challenge the initiative if it was invoked unnecessarily.

The instruction made the state's government, Australia's largest employer with more than 400,000 staff, the latest among a growing number of firms and institutions worldwide to attempt a reversal of remote working arrangements introduced as the coronavirus spread. But it defied an embrace of remote work by the governments of some other Australian states, said some analysts, who suggested lobbying by a major newspaper prompted the change. "It seems that the Rupert Murdoch-owned Daily Telegraph in Sydney has been trying to get the New South Wales government to mandate essentially that workers go back to the office," said Chris F. Wright, an associate professor in the discipline of work at the University of Sydney. The newspaper cited prospective economic boons for struggling businesses.

The newspaper wrote Tuesday that the premier's decision "ending the work from home era" followed its urging, although Minns did not name it as a factor. But the union representing public servants said there was scant evidence for the change and warned the state government could struggle to fill positions. "Throughout the New South Wales public sector, they're trying to retain people," said Stewart Little, the General Secretary of the Public Service Association. "In some critical agencies like child protection we're looking at 20% vacancy rates, you're talking about hundreds of jobs." Little added that government offices have shrunk since 2020 and agencies would be unable to physically accommodate every employee on site. Minns said the state would lease more space, according to the Daily Telegraph. Further reading: Ordered Back To the Office, Top Tech Talent Left Instead, Study Finds

An anonymous reader quotes a report from the Washington Post: For the first time in 40 years, the Environmental Protection Agency has taken emergency action to stop the use of a pesticide (source may be paywalled; alternative source) linked to serious health risks for unborn babies. Tuesday's emergency order applies to dimethyl tetrachloroterephthalate, also known as DCPA, a weedkiller used on crops such as broccoli, Brussels sprouts, cabbage and onions. When pregnant farmworkers and others are exposed to the pesticide, their babies can experience changes to fetal thyroid hormone levels, which are linked to low birth weight, impaired brain development, decreased IQ and impaired motor skills later in life.

"DCPA is so dangerous that it needs to be removed from the market immediately," Michal Freedhoff, assistant administrator for the EPA's Office of Chemical Safety and Pollution Prevention, said in a statement. "It's EPA's job to protect people from exposure to dangerous chemicals. In this case, pregnant women who may never even know they were exposed could give birth to babies that experience irreversible lifelong health problems." The European Union banned DCPA in 2009. But the EPA has been slower to act, frustrating some environmental and public health advocates.

In an interview, Freedhoff said that EPA scientists have tried for years to get more information on health risks from the sole manufacturer of the pesticide, AMVAC Chemical. But she said the company refused to turn over the data, including a study on the effects of DCPA on thyroid development and function, until November 2023. "We did make some good-faith efforts to work with the company," Freedhoff said. "But in the end, we didn't think any of the measures proposed by the company would be implementable, enforceable or effective." "DCPA has been used in the United States since the late 1950s," notes the report. "After the pesticide is applied, it can linger in the soil, contaminating crops later grown in those fields, including broccoli, cilantro, green onions, kale and mustard greens."

"The emergency order Tuesday temporarily suspends all registrations of the pesticide under the Federal Insecticide, Fungicide and Rodenticide Act. The agency plans to permanently suspend these registrations within the next 90 days."

Google's payments to make its search engine the default on smartphone web browsers violates US antitrust law, a federal judge ruled Monday, handing a key victory to the Justice Department. From a report: Judge Amit Mehta in Washington said that the Alphabet unit's $26 billion in payments effectively blocked any other competitor from succeeding in the market. Antitrust enforcers alleged that Google has illegally maintained a monopoly over online search and related advertising. The government said that Google has paid Apple, Samsung and others billions over decades for prime placement on smartphones and web browsers. This default position has allowed Google to build up the most-used search engine in the world, and fueled more than $300 billion in annual revenue largely generated by search ads.

Illinois Governor J.B. Pritzker has signed a bill into law that will significantly curb the penalties companies could face for improperly collecting and using fingerprints and other biometric data from workers and consumers. From a report: The bill passed by the legislature in May and signed by Pritzker, a Democrat, on Friday amends the state's Biometric Information Privacy Act (BIPA) so that companies can be held liable only for a single violation per person, rather than for each time biometric data is allegedly misused.

The amendments will dramatically limit companies' exposure in BIPA cases and could discourage plaintiffs' lawyers from filing many lawsuits in the first place, management-side lawyers said. "By limiting statutory damages to a single recovery per individual ... companies in most instances will no longer face the prospect of potentially annihilative damages awards that greatly outpace any privacy harms," David Oberly, of counsel at Baker Donelson in Washington, D.C., said before the bill was signed. BIPA, a 2008 law, requires companies to obtain permission before collecting fingerprints, retinal scans and other biometric information from workers and consumers. The law imposes penalties of $1,000 per violation and $5,000 for reckless or intentional violations.

Reeling from security and optics issues, Microsoft appears to be trying to correct its story. An anonymous reader shares a report: Microsoft made it clear earlier this year that it was planning to make security its top priority, following years of security issues and mounting criticisms. Starting today, the software giant is now tying its security efforts to employee performance reviews. Kathleen Hogan, Microsoft's chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. "Everyone at Microsoft will have security as a Core Priority," says Hogan. "When faced with a tradeoff, the answer is clear and simple: security above all else."

A lack of security focus for Microsoft employees could impact promotions, merit-based salary increases, and bonuses. "Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards," Microsoft is telling employees in an internal Microsoft FAQ on its new policy. Microsoft has now placed security as one of its key priorities alongside diversity and inclusion. Both are now required to be part of performance conversations -- internally called a "Connect" -- for every employee, alongside priorities that are agreed upon between employees and their managers.

This week America's Securities and Exchange Commission filed fraud charges against the former CEO of the startup social media site "IRL"

The BBC reports: IRL — which was once considered a potential rival to Facebook — took its name from its intention to get its online users to meet up in real life. However, the initial optimism evaporated after it emerged most of IRL's users were bots, with the platform shutting in 2023...

The SEC says it believes [CEO Abraham] Shafi raised about $170m by portraying IRL as the new success story in the social media world. It alleges he told investors that IRL had attracted the vast majority its supposed 12 million users through organic growth. In reality, it argues, IRL was spending millions of dollars on advertisements which offered incentives to prospective users to download the IRL app. That expenditure, it is alleged, was subsequently hidden in the company's books.
IRL received multiple rounds of venture capital financing, eventually reaching "unicorn status" with a $1.17 billion valuation, according to TechCrunch. But it shut down in 2023 "after an internal investigation by the company's board found that 95% of the app's users were 'automated or from bots'."

TechCrunch notes it's the second time in the same week — and at least the fourth time in the past several months — that the SEC has charged a venture-backed founder on allegations of fraud... Earlier this week, the SEC charged BitClout founder Nader Al-Naji with fraud and unregistered offering of securities, claiming he used his pseudonymous online identity "DiamondHands" to avoid regulatory scrutiny while he raised over $257 million in cryptocurrency. BitClout, a buzzy crypto startup, was backed by high-profile VCs such as a16z, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.

In June, the SEC charged Ilit Raz, CEO and founder of the now-shuttered AI recruitment startup Joonko, with defrauding investors of at least $21 million. The agency alleged Raz made false and misleading statements about the quantity and quality of Joonko's customers, the number of candidates on its platform and the startup's revenue.

The agency has also gone after venture firms in recent months. In May, the SEC charged Robert Scott Murray and his firm Trillium Capital LLC with a fraudulent scheme to manipulate the stock price of Getty Images Holdings Inc. by announcing a phony offer by Trillium to purchase Getty Images.

America's Defense Department has launched a project "that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust," reports the Register — with an online event already scheduled later this month for those planning to submit proposals: The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope [that's the Defense Department's R&D agency] is that AI models can help with the programming language translation, in order to make software more secure. "You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is 'here's some C code, please translate it to safe idiomatic Rust code,' cut, paste, and something comes out, and it's often very good, but not always," said Dan Wallach, DARPA program manager for TRACTOR, in a statement. "The research challenge is to dramatically improve the automated translation from C to Rust, particularly for program constructs with the most relevance...."

DARPA's characterization of the situation suggests the verdict on C and C++ has already been rendered. "After more than two decades of grappling with memory safety issues in C and C++, the software engineering community has reached a consensus," the research agency said, pointing to the Office of the National Cyber Director's call to do more to make software more secure. "Relying on bug-finding tools is not enough...."

Peter Morales, CEO of Code Metal, a company that just raised $16.5 million to focus on transpiling code for edge hardware, told The Register the DARPA project is promising and well-timed. "I think [TRACTOR] is very sound in terms of the viability of getting there and I think it will have a pretty big impact in the cybersecurity space where memory safety is already a pretty big conversation," he said.
DARPA's statement had an ambitious headline: "Eliminating Memory Safety Vulnerabilities Once and For All."

"Rust forces the programmer to get things right," said DARPA project manager Wallach. "It can feel constraining to deal with all the rules it forces, but when you acclimate to them, the rules give you freedom. They're like guardrails; once you realize they're there to protect you, you'll become free to focus on more important things."

Code Metal's Morales called the project "a DARPA-hard problem," noting the daunting number of edge cases that might come up. And even DARPA's program manager conceded to the Register that "some things like the Linux kernel are explicitly out of scope, because they've got technical issues where Rust wouldn't fit."

Thanks to long-time Slashdot reader RoccamOccam for sharing the news.

America's Senate "overwhelmingly passed major online safety reforms to protect children on social media," reports the Guardian.

"But with ongoing pushback from the tech industry and freedom of speech organizations, the legislation faces an uncertain future in the House." "It's a terrible idea to let politicians and bureaucrats decide what people should read and view online," freedom of speech group the Electronic Frontier Foundation said of the Senate's passage of Kosa... Advocates of Kosa reject these critiques, noting the bill has been revised to address many of those concerns — including shifting enforcement from attorneys general to the federal trade commission and focusing the "duty of care" provisions on product design features of the site or app rather than content specifically. A number of major LGBTQ+ groups dropped their opposition to the legislation following these changes, including the Human Rights Campaign, GLAAD and the Trevor Project.

After passing the Senate this week, the bill has now moved onto the House, which is on a six-week summer recess until September. Proponents are now directing their efforts towards House legislators to turn the bill into law. Joe Biden has indicated he would sign it if it passes. In a statement Tuesday encouraging the House to pass the legislation, the US president said: "We need action by Congress to protect our kids online and hold big tech accountable for the national experiment they are running on our children for profit...."

House speaker Mike Johnson of Louisiana has expressed support for moving forward on Kosa and passing legislation this Congress, but it's unclear if he will bring the bill up in the House immediately. Some experts say the bill is unlikely to be passed in the House in the form passed by the Senate. "Given the concerns about potential censorship and the possibility of minors' lacking access to vital information, pausing KOSA makes eminent sense," said Gautam Hans, associate clinical professor of law and associate director of the First Amendment Clinic at Cornell Law School. He added that the House may put forward its own similar legislation instead, or modify KOSA to further address some of these concerns.
The political news site Punchbowl News also noted this potentially significant quote: A House GOP leadership aide told us this about KOSA: "We've heard concerns across our Conference and the Senate bill cannot be brought up in its current form."
TechDirt argues that "Senator Rand Paul's really excellent letter laying out the reasons he couldn't support the bill may have had an impact."

Thanks to long-time Slashdot reader SonicSpike for sharing the news.

America's National Institute of Standards and Technology (NIST) has released a new open-source software tool called Dioptra for testing the resilience of machine learning models to various types of attacks.

"Key features that are new from the alpha release include a new web-based front end, user authentication, and provenance tracking of all the elements of an experiment, which enables reproducibility and verification of results," a NIST spokesperson told SC Media: Previous NIST research identified three main categories of attacks against machine learning algorithms: evasion, poisoning and oracle. Evasion attacks aim to trigger an inaccurate model response by manipulating the data input (for example, by adding noise), poisoning attacks aim to impede the model's accuracy by altering its training data, leading to incorrect associations, and oracle attacks aim to "reverse engineer" the model to gain information about its training dataset or parameters, according to NIST.

The free platform enables users to determine to what degree attacks in the three categories mentioned will affect model performance and can also be used to gauge the use of various defenses such as data sanitization or more robust training methods.

The open-source testbed has a modular design to support experimentation with different combinations of factors such as different models, training datasets, attack tactics and defenses. The newly released 1.0.0 version of Dioptra comes with a number of features to maximize its accessibility to first-party model developers, second-party model users or purchasers, third-party model testers or auditors, and researchers in the ML field alike. Along with its modular architecture design and user-friendly web interface, Dioptra 1.0.0 is also extensible and interoperable with Python plugins that add functionality... Dioptra tracks experiment histories, including inputs and resource snapshots that support traceable and reproducible testing, which can unveil insights that lead to more effective model development and defenses.
NIST also published final versions of three "guidance" documents, according to the article. "The first tackles 12 unique risks of generative AI along with more than 200 recommended actions to help manage these risks. The second outlines Secure Software Development Practices for Generative AI and Dual-Use Foundation Models, and the third provides a plan for global cooperation in the development of AI standards."

Thanks to Slashdot reader spatwei for sharing the news.

"Five years ago, Brian Frye set an elaborate trap," writes Decrypt.co. "Now the law professor is teaming up with a singer-songwriter to finally spring it" on America's Security and Exchange Commission "in a novel lawsuit — and in the process, prevent the regulator from ever coming after NFT art projects again." Over and again, the SEC has sued cherry-picked NFT projects it says qualify as unregistered securities — but never once has the regulator defined what types of NFT projects are legal and which are not, casting a chill over the nascent industry... [In 2019] Frye, an expert in securities law and a fan of novel technologies, minted an NFT of a letter he sent to the SEC in which he declared his art project to constitute an illegal, unregistered security. If the conceptual art project wasn't a security, Frye challenged the agency, then it needed to say so. The SEC never responded to Frye — not then, and not after several more self-incriminating correspondences from the professor. But in due time, the agency began vigorously pursuing, and suing, NFT projects.
So 10 months ago, Jonathan Mann — who writes a new song every day and shares it online — crafted a song titled "This Song is A Security." As a seller of NFTs himself, Mann wrote the song "to fight back against the SEC, and defend his right — plus the rights of other artists like him — to earn revenue," according to the article: Frye, who'd practically been salivating for such an opportunity for half a decade, was a natural fit.... In the lawsuit filed against the SEC in Louisiana earlier this week, they challenged the SEC's standing to regulate their NFT-backed artworks as securities, and demanded the agency declare that their respective art projects do not constitute illegal, unregistered securities offerings.
More from the International Business Times: The complaint asked the court to clarify whether the SEC should regulate art and whether artists were supposed to "register" their artworks before selling the pieces to the general public. The complaint also asked whether artists should be "forced to make public disclosures about the 'risks' of buying their art," and whether artists should be "required to comply" with federal securities laws...

The Blockchain Association, a collective crypto group that includes some of the biggest digital asset firms, asserted that the SEC has no authority over NFT art. "We support the plaintiffs in their quest for legal clarity," the group said.
In an interview with Slashdot, Mann says he started his "Song a Day" project almost 17 years ago (when he was 26 years old) — and his interest in NFTs is sincere: "Over the years, I've always sought a way to make Song A Day sustainable financially, through video contests, conference gigs, ad revenue, royalties, Patreon and more.

"When I came across NFTs in 2017, they didn't have a name. We just called them 'digital collectibles'. For the last 2+ years, NFTs have become that self-sustaining model for my work.

"I know most people believe NFTs are a joke at best and actively harmful at worst. Even most people in the crypto community have given up on them. Despite all that, I still believe they're worth pursuing.

"Collecting an NFT from an artist you love is the most direct way to support them. There's no multinational corporation, no payment processor, and no venture capitalists between you and the artist you want to support."
Slashdot also tracked down the SEC's Office of Public Affairs, and got an official response from SEC public affairs specialist Ryan White.

Slashdot: The suit argues that the SEC's approach "threatens the livelihoods of artists and creators that are simply experimenting with a novel, fast-growing technology," and seeks guidance in the face of a "credible threat of enforcement". Is the SEC going to respond to this lawsuit? And if you don't have an answer at this time, can you give me a general comment on the issues and concerns being raised?

SEC Public Affairs Specialist Ryan White: We would decline comment.

Decrypt.co points out that the lawsuit "has no guarantee of offering some conclusive end to the NFT regulation question... That may only come with concrete legislation or a judgment by the Supreme Court."

But Mann's song still makes a very public show out of their concerns — with Mann even releasing a follow-up song titled "I'm Suing the SEC." (Its music video mixes together wacky clips of Mila Kunis's Stoner Cats and Fonzie jumping a shark with footage of NFT critics like Elizabeth Warren and SEC chairman Gary Gensler.)

And an earlier song also used auto-tune to transform Gensler's remarks about cryptocurrencies into the chorus of a song titled "Hucksters, Fraudsters, Scam Artists, Ponzi Schemes".

Mann later auctioned an NFT of the song — for over $3,000 in Ethereum.

Somewhere in America's Defense Department, the DARPA R&D agency is running a two-year contest to write an AI-powered program "that can scan millions of lines of open-source code, identify security flaws and fix them, all without human intervention," reports the Washington Post. [Alternate URL here.]

But as they see it, "The contest is one of the clearest signs to date that the government sees flaws in open-source software as one of the country's biggest security risks, and considers artificial intelligence vital to addressing it." Free open-source programs, such as the Linux operating system, help run everything from websites to power stations. The code isn't inherently worse than what's in proprietary programs from companies like Microsoft and Oracle, but there aren't enough skilled engineers tasked with testing it. As a result, poorly maintained free code has been at the root of some of the most expensive cybersecurity breaches of all time, including the 2017 Equifax disaster that exposed the personal information of half of all Americans. The incident, which led to the largest-ever data breach settlement, cost the company more than $1 billion in improvements and penalties.

If people can't keep up with all the code being woven into every industrial sector, DARPA hopes machines can. "The goal is having an end-to-end 'cyber reasoning system' that leverages large language models to find vulnerabilities, prove that they are vulnerabilities, and patch them," explained one of the advising professors, Arizona State's Yan Shoshitaishvili.... Some large open-source projects are run by near-Wikipedia-size armies of volunteers and are generally in good shape. Some have maintainers who are given grants by big corporate users that turn it into a job. And then there is everything else, including programs written as homework assignments by authors who barely remember them.

"Open source has always been 'Use at your own risk,'" said Brian Behlendorf, who started the Open Source Security Foundation after decades of maintaining a pioneering free server software, Apache, and other projects at the Apache Software Foundation. "It's not free as in speech, or even free as in beer," he said. "It's free as in puppy, and it needs care and feeding."
40 teams entered the contest, according to the article — and seven received $1 million in funding to continue on to the next round, with the finalists to be announced at this year's Def Con, according to the article.

"Under the terms of the DARPA contest, all finalists must release their programs as open source," the article points out, "so that software vendors and consumers will be able to run them."

An anonymous reader quotes a report from Ars Technica: The US government will pay Moderna $176 million to develop an mRNA vaccine against a pandemic influenza -- an award given as the highly pathogenic bird flu virus H5N1 continues to spread widely among US dairy cattle. The funding flows through BARDA, the Biomedical Advanced Research and Development Authority, as part of a new Rapid Response Partnership Vehicle (RRPV) Consortium. The program is intended to set up partnerships with industry to help the country better prepare for pandemic threats and develop medical countermeasures, the Department of Health and Human Services said in a press announcement Tuesday.

In its own announcement on Tuesday, Moderna noted that it began a Phase 1/2 trial of a pandemic influenza virus vaccine last year, which included versions targeting H5 and H7 varieties of bird flu viruses. The company said it expects to release the results of that trial this year and that those results will direct the design of a Phase 3 trial, anticipated to begin in 2025. The funding deal will support late-stage development of a "pre-pandemic vaccine against H5 influenza virus," Moderna said. But, the deal also includes options for additional vaccine development in case other public health threats arise.

US health officials have said previously that they were in talks with Moderna and Pfizer about the development of a pandemic bird flu vaccine. The future vaccine will be in addition to standard protein-based bird flu vaccines that are already developed. In recent weeks, the health department has said it is working to manufacture 4.8 million vials of H5 influenza vaccine in the coming months. The plans come three months into the H5N1 dairy outbreak, which is very far from the initial hopes of containment. [...] The more the virus expands its footprint across US dairy farms, adapts to its newfound mammalian host, and comes in contact with humans, the more and more chances it has to leap to humans and gain the ability to spread among us. "The award made today is part of our longstanding commitment to strengthen our preparedness for pandemic influenza," said Dawn O'Connell, assistant secretary for Preparedness and Response. "Adding this technology to our pandemic flu toolkit enhances our ability to be nimble and quick against the circulating strains and their potential variants."

In a separate article, Ars Technica reports on a small study in Texas that suggests human cases are going undetected on dairy farms where the H5N1 virus has spread in cows.