« L’”expérimentation” de la vidéosurveillance algorithmique (VSA) dans le cadre fixé par la loi “Jeux Olympiques” adoptée l’an dernier n’en est pas une : elle n’est qu’une manœuvre hypocrite destinée à légaliser par petites touches une infrastructure policière déjà massivement déployée en France », explique l’association en guise d’introduction.

Au cours des dernières semaines, de nouvelles expérimentations ont été autorisées. Il y a eu le Festival de Cannes, un concert du groupe Black Eyed Peas à la Défense Arena et le match de football PSG-OL au parc des Princes.

• JOP : la préfecture de Paris autorise deux nouvelles expérimentations de vidéosurveillance algorithmique (VSA)
• JOP : le festival de Cannes expérimentera lui aussi la vidéosurveillance algorithmique (VSA)

La Quadrature du Net dénonce « l’hypocrisie ambiante » de ces expérimentations et « vient de déposer une plainte devant la CNIL contre un déploiement de la VSA totalement illégal et resté largement sous les radars : le projet Prevent PCP ».

« Associant la SNCF et la RATP avec un panel d’entreprises, dont le groupe Atos et ChapsVision (par ailleurs toutes deux prestataires des expérimentations liées à la loi JO), Prevent PCP prend formellement la forme d’un marché public subventionné par l’Union européenne. En pratique, les entreprises voient leurs systèmes de VSA déployés dans des grandes gares à travers l’Europe pour détecter des « bagages abandonnés », via une méthode reposant sur l’identification et le suivi des propriétaires des bagages. »

La Quadrature en profite pour mettre en ligne de nombreuses ressources pour « nourrir une opposition populaire à la VSA ». Il y a une brochure et une page de campagne dédiée. Pour l’association, le pire est à venir : « les projets de loi visant à pérenniser la VSA en recourant aux applications les plus sensibles […] sont pour certains déjà dans les cartons ».

Zen restons Zen

AMD vient de fêter ses 55 ans et, comme souvent sur Next, ce genre d’anniversaire est l’occasion de vous proposer une petite rétrospective de la marque. Elle a commencé par cloner des CPU Intel avant de se lancer toute seule, avec une belle réussite depuis quelques années.

On parlera ici principalement des CPU, car nous avons déjà consacré tout un dossier aux évolutions des GPU. Pour rappel, AMD a racheté ATI en 2006, pour 5,4 milliards de dollars. La marque ATI n’a pas été conservée, mais la dénomination des Radeon oui, et elle perdure encore aujourd’hui.

Dans les autres rachats marquants, rappelons qu’AMD s’est payé Xilinx (une société spécialisée dans les FPGA) pour 35 milliards de dollars en 2020.

• Cartes graphiques : 30 ans d’évolution des GPU
• AMD et Xilinx officialisent leur « deal » à 35 milliards de dollars (en actions)

Retour dans le passé des années 70

« L’”expérimentation” de la vidéosurveillance algorithmique (VSA) dans le cadre fixé par la loi “Jeux Olympiques” adoptée l’an dernier n’en est pas une : elle n’est qu’une manœuvre hypocrite destinée à légaliser par petites touches une infrastructure policière déjà massivement déployée en France », explique l’association en guise d’introduction.

Au cours des dernières semaines, de nouvelles expérimentations ont été autorisées. Il y a eu le Festival de Cannes, un concert du groupe Black Eyed Peas à la Défense Arena et le match de football PSG-OL au parc des Princes.

• JOP : la préfecture de Paris autorise deux nouvelles expérimentations de vidéosurveillance algorithmique (VSA)
• JOP : le festival de Cannes expérimentera lui aussi la vidéosurveillance algorithmique (VSA)

La Quadrature du Net dénonce « l’hypocrisie ambiante » de ces expérimentations et « vient de déposer une plainte devant la CNIL contre un déploiement de la VSA totalement illégal et resté largement sous les radars : le projet Prevent PCP ».

« Associant la SNCF et la RATP avec un panel d’entreprises, dont le groupe Atos et ChapsVision (par ailleurs toutes deux prestataires des expérimentations liées à la loi JO), Prevent PCP prend formellement la forme d’un marché public subventionné par l’Union européenne. En pratique, les entreprises voient leurs systèmes de VSA déployés dans des grandes gares à travers l’Europe pour détecter des « bagages abandonnés », via une méthode reposant sur l’identification et le suivi des propriétaires des bagages. »

La Quadrature en profite pour mettre en ligne de nombreuses ressources pour « nourrir une opposition populaire à la VSA ». Il y a une brochure et une page de campagne dédiée. Pour l’association, le pire est à venir : « les projets de loi visant à pérenniser la VSA en recourant aux applications les plus sensibles […] sont pour certains déjà dans les cartons ».

Aria Alamalhodaei reports via TechCrunch: Hubble Network has become the first company in history to establish a Bluetooth connection directly to a satellite -- a critical technology validation for the company, potentially opening the door to connecting millions more devices anywhere in the world. The Seattle-based startup launched its first two satellites to orbit on SpaceX's Transporter-10 ride-share mission in March; since that time, the company confirmed that it has received signals from the onboard 3.5mm Bluetooth chips from over 600 kilometers away. The sky is truly the limit for space-enabled Bluetooth devices: the startup says its technology can be used in markets including logistics, cattle tracking, smart collars for pets, GPS watches for kids, car inventory, construction sites, and soil temperature monitoring. Haro said the low-hanging fruit is those industries that are desperate for network coverage even once per day, like remote asset monitoring for the oil and gas industry. As the constellation scales, Hubble will turn its attention to sectors that may need more frequent updates, like soil monitoring, to continuous coverage use cases like fall monitoring for the elderly. Once its up and running, a customer would simply need to integrate their devices' chipsets with a piece of firmware to enable connection to Hubble's network.

Read more of this story at Slashdot.

Ars Technica explique qu’une « nouvelle version de la loi de 2022 sur la sécurité des produits et l’infrastructure des télécommunications (PTSI) est maintenant en vigueur ». Désormais, tous les produits connectés doivent disposer d’un « mot de passe aléatoire ou générer un mot de passe lors de l’initialisation (via une application pour smartphone ou d’autres moyens) ».

Les Britanniques ont pris soin de préciser que le mot de passe ne peut pas être incrémentiel de type password1, password2… et ne doit pas être « lié de manière évidente à des informations publiques ». On pense notamment à l’adresse MAC ou un SSID de réseau Wi-Fi.

Un mécanisme « simple » doit permettre de changer le mot de passe. On se souvient, par exemple, que certaines caméras chinoises avaient un mot de passe écrit en dur, directement dans le code… Dans la même idée, les composants logiciels doivent pouvoir être mis à jour.

Des sanctions sont prévues en cas de non-respect : « jusqu’à 10 millions de livres (environ 12,5 millions de dollars) ou 4 % du chiffre d’affaires mondial connexe, selon le montant le plus élevé », expliquent nos confrères.

La loi Cyber résilience en Europe… pour 2027 ?

En Europe, la sécurité des produits numériques est aussi en train d’être revue avec la loi Cyber résilience. Elle prévoit notamment que les produits tels que des logiciels de gestion d’identité, les gestionnaires de mots de passe, les lecteurs biométriques, les assistants domestiques intelligents et les caméras de sécurité privées « soient couverts par les nouvelles règles. Les produits devraient également recevoir des mises à jour de sécurité installées automatiquement et séparément des mises à jour de fonctionnalités ».

Le Conseil doit encore voter la directive, puis l’Union européenne doit la publier à son journal officiel. Il entrera en vigueur 20 jours plus tard et « les nouvelles règles s’appliqueront trois ans après l’entrée en vigueur du règlement », précise Mathias Avocat. Tout cela nous emmène vers la seconde moitié de 2027.

Ars Technica explique qu’une « nouvelle version de la loi de 2022 sur la sécurité des produits et l’infrastructure des télécommunications (PTSI) est maintenant en vigueur ». Désormais, tous les produits connectés doivent disposer d’un « mot de passe aléatoire ou générer un mot de passe lors de l’initialisation (via une application pour smartphone ou d’autres moyens) ».

Les Britanniques ont pris soin de préciser que le mot de passe ne peut pas être incrémentiel de type password1, password2… et ne doit pas être « lié de manière évidente à des informations publiques ». On pense notamment à l’adresse MAC ou un SSID de réseau Wi-Fi.

Un mécanisme « simple » doit permettre de changer le mot de passe. On se souvient, par exemple, que certaines caméras chinoises avaient un mot de passe écrit en dur, directement dans le code… Dans la même idée, les composants logiciels doivent pouvoir être mis à jour.

Des sanctions sont prévues en cas de non-respect : « jusqu’à 10 millions de livres (environ 12,5 millions de dollars) ou 4 % du chiffre d’affaires mondial connexe, selon le montant le plus élevé », expliquent nos confrères.

La loi Cyber résilience en Europe… pour 2027 ?

En Europe, la sécurité des produits numériques est aussi en train d’être revue avec la loi Cyber résilience. Elle prévoit notamment que les produits tels que des logiciels de gestion d’identité, les gestionnaires de mots de passe, les lecteurs biométriques, les assistants domestiques intelligents et les caméras de sécurité privées « soient couverts par les nouvelles règles. Les produits devraient également recevoir des mises à jour de sécurité installées automatiquement et séparément des mises à jour de fonctionnalités ».

Le Conseil doit encore voter la directive, puis l’Union européenne doit la publier à son journal officiel. Il entrera en vigueur 20 jours plus tard et « les nouvelles règles s’appliqueront trois ans après l’entrée en vigueur du règlement », précise Mathias Avocat. Tout cela nous emmène vers la seconde moitié de 2027.

In a first for "digital health technology," the Apple Watch's atrial fibrillation (AFib) history feature has been approved by the FDA to join the FDA's Medical Device Development Tools (MDDT) program. This means the wearable is now usable in clinical studies. The Verge reports: The FDA announcement describes using it as a noninvasive way to collect the data both before and after treatment: "Designed to be used as a biomarker test to help evaluate estimates of AFib burden as a secondary effectiveness endpoint within clinical studies intended to evaluate the safety and effectiveness of cardiac ablation devices to treat."

Read more of this story at Slashdot.

OpenZFS 2.2.4 was released on Thursday evening to provide the latest ZFS file-system support on Linux and FreeBSD platforms...

A patch recently posted to the Linux kernel mailing list is working on implementing ACPI Platform Profile support for modern Dell laptops to allow users to have more control over their balanced / cool / quiet / performance behavior of the laptop and its resulting impact on the fan noise / cooling performance...

When given the choice, pet parrots prefer to video-call each other instead of watch pre-recorded videos of other birds. Those are the findings from a new paper (PDF) set to appear next week at a conference on Human Factors in Computing Systems in Hawaii. Phys.Org reports: The study, led by animal-computer interaction specialists at the University of Glasgow, gave tablet devices to nine parrots and their owners to explore the potential of the video chats to expand the birds' social lives. Their results suggest that the clever birds, who often suffer from loneliness in captivity, may be able to tell the difference between live and pre-recorded content on digital devices, and strongly prefer interacting with other birds in real time. Over the course of the six-month study, the parrots chose to initiate calls to other birds significantly more often than they opted to watch pre-recorded footage. They also seemed more engaged in the live chats, spending much longer on calls with other birds than they did watching videos from a library of options. The findings could help steer the future course of the emerging "animal internet," which uses digital technology to empower animals to interact with humans and each other in new ways.

Read more of this story at Slashdot.

Several users on Reddit have noticed that Spotify has started hiding song lyrics behind a paywall. "This means you won't be able to sing along unless you know the lyrics already, or are willing to look them up in another app," reports Android Police. From the report: Still, you lose the convenience of real-time sync with the track and automatic scrolling. Like skips per hour, it appears Spotify will implement a limit system and accessing lyrics will count against the user's limit, which should ideally reset after a stipulated time. Spotify usually requests lyrics from songwriters, publishers, and independent artists. However, in most other cases, the company has a working relationship with MusixMatch to provide lyrics, and perhaps Spotify isn't willing to absorb the costs of this partnership. That would explain why lyrics are now paywalled, but as a free-tier user, such changes are chipping away at the service's appeal.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Techdirt: Last week, hundreds of nurses protested the implementation of sloppy AI into hospital systems in front of Kaiser Permanente. Their primary concern: that systems incapable of empathy are being integrated into an already dysfunctional sector without much thought toward patient care: "No computer, no AI can replace a human touch," said Amy Grewal, a registered nurse. "It cannot hold your loved one's hand. You cannot teach a computer how to have empathy." There are certainly roles automation can play in easing strain on a sector full of burnout after COVID, particularly when it comes to administrative tasks. The concern, as with other industries dominated by executives with poor judgement, is that this is being used as a justification by for-profit hospital systems to cut corners further. From a National Nurses United blog post (spotted by 404 Media): "Nurses are not against scientific or technological advancement, but we will not accept algorithms replacing the expertise, experience, holistic, and hands-on approach we bring to patient care," they added. Kaiser Permanente, for its part, insists it's simply leveraging "state-of-the-art tools and technologies that support our mission of providing high-quality, affordable health care to best meet our members' and patients' needs." The company claims its "Advance Alert" AI monitoring system -- which algorithmically analyzes patient data every hour -- has the potential to save upwards of 500 lives a year. The problem is that healthcare giants' primary obligation no longer appears to reside with patients, but with their financial results. And, that's even true in non-profit healthcare providers. That is seen in the form of cut corners, worse service, and an assault on already over-taxed labor via lower pay and higher workload (curiously, it never seems to impact outsized high-level executive compensation).

Read more of this story at Slashdot.

Sony Pictures Entertainment and Apollo Global Management have made a bid to acquire Paramount for $26 billion and take it private. Variety reports: Sony and private-equity giant Apollo submitted a letter with the non-binding offer Wednesday to Paramount Global, as first reported by the Wall Street Journal. The bid, which would include the assumption of debt and could be negotiated, would be a premium over the company's current $22 billion enterprise value. Shares of Paramount Global jumped 13% on news of the offer from Apollo and Sony Entertainment, closing at $13.86 per share Thursday. It's not clear how Paramount's board will proceed on the Sony-Apollo proposal, having rejected previous overtures from the private-equity firm. The company has an exclusive negotiating window with Skydance that ends Friday (May 3), but discussions among the parties could extend beyond that. If it happens, the combination of Sony Pictures with Paramount Pictures would likely result in mass layoffs -- and knock the number of major Hollywood studios from five to four, after Disney took over 20th Century. Sony Corp., which acquired Columbia Pictures in 1990 for $3.5 billion, is the largest studio operator in the industry that does not have a broad-scale direct-to-consumer streaming play. Under the proposed bid with Apollo, Sony would be the majority owner of the combined company. Sony Corp. would merge Sony Pictures Entertainment into a joint venture with Paramount Global. Sony and Apollo would both contribute cash to finance the deal. What's unclear is what would happen to the 28 local TV stations CBS owns; FCC rules bar foreign entities (i.e. Tokyo-based Sony) from having majority ownership control of broadcast TV stations, so Sony would need to carve out a separate U.S. ownership structure for the station group. In the Skydance scenario, Redstone would sell her stake in National Amusements, which holds 77% of the voting shares in Paramount Global, to Skydance, whereupon Skydance would merge with Paramount Global in an all-stock deal that would value Skydance at roughly $5 billion. Paramount Global would remain a publicly traded company. Redstone would receive up to $2 billion from the Skydance-NAI transaction; in addition, Skydance would pay a premium for Paramount Global shares and pay $3 billion to the company to help pay down debt. Ellison would serve as CEO of the merged Paramount-Skydance, while Jeff Shell, the former NBCUniversal CEO who is chairman of sports and media at RedBird and works under founder and managing partner Gerry Cardinale, would take on a key management role.

Read more of this story at Slashdot.

Dan Goodin reports via Ars Technica: A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn't have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account. While exploits required no user interaction, hijackings worked only against accounts that weren't configured to use multi-factor authentication. Even with MFA, accounts remained vulnerable to password resets. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of a possible 10. The vulnerability, classified as an improper access control flaw, could pose a grave threat. GitLab software typically has access to multiple development environments belonging to users. With the ability to access them and surreptitiously introduce changes, attackers could sabotage projects or plant backdoors that could infect anyone using software built in the compromised environment. An example of a similar supply chain attack is the one that hit SolarWinds in 2021, infecting more than 18,000 of its customers. Other recent examples of supply chain attacks are here, here, and here. These sorts of attacks are powerful. By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all. According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances. In order to protect your system, you should enable MFA and install the latest patch. "GitLab users should also remember that patching does nothing to secure systems that have already been breached through exploits," notes Goodin.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Microsoft has changed its policy to ban U.S. police departments from using generative AI through the Azure OpenAI Service, the company's fully managed, enterprise-focused wrapper around OpenAI technologies. Language added Wednesday to the terms of service for Azure OpenAI Service prohibits integrations with Azure OpenAI Service from being used "by or for" police departments in the U.S., including integrations with OpenAI's text- and speech-analyzing models. A separate new bullet point covers "any law enforcement globally," and explicitly bars the use of "real-time facial recognition technology" on mobile cameras, like body cameras and dashcams, to attempt to identify a person in "uncontrolled, in-the-wild" environments. [...] The new terms leave wiggle room for Microsoft. The complete ban on Azure OpenAI Service usage pertains only to U.S., not international, police. And it doesn't cover facial recognition performed with stationary cameras in controlled environments, like a back office (although the terms prohibit any use of facial recognition by U.S. police). That tracks with Microsoft's and close partner OpenAI's recent approach to AI-related law enforcement and defense contracts. Last week, taser company Axon announced a new tool that uses AI built on OpenAI's GPT-4 Turbo model to transcribe audio from body cameras and automatically turn it into a police report. It's unclear if Microsoft's updated policy is in response to Axon's product launch.

Read more of this story at Slashdot.

Ecobee, the company that pioneered smart thermostats with its Ecobee Smart in 2008, has announced it will end online support for the device and its commercial counterpart, the Ecobee Energy Management System, on July 31, 2024. The move will disable internet-dependent features such as web portal control, smart integrations, and weather-related functionality, while basic HVAC control and scheduling will remain operational.

Read more of this story at Slashdot.

An anonymous reader shares a column: When Apple CEO Tim Cook and a bunch of his deputies take the virtual stage next week to announce new iPads, they're going to spend a lot of time talking about specs. If the rumors are true, we're going to get new iPad Pros with OLED screens and thinner bodies, new Airs with faster chips and a correctly placed front camera, and a couple of new accessories. Before they even launch, I feel confident telling you these are the best iPads ever. But after all these years, I still don't know how to tell you whether you should want an iPad. Or what you'd want to do with it. This has been true forever, of course. The iPad is the jack-of-all-trades in Apple's lineup, a terrific device in many ways that still feels increasingly redundant now that so many people have big phones and long-lasting laptops. Apple seems to have spent the last decade-plus enamored with the idea of the iPad as a shapeshifter -- a device that can be exactly what you need at any given time. The company loves that the iPad's use case is hard to pin down, that it means different things to different people. It's a fun, good, ambitious idea: The One Gadget To Rule Them All. The way to make that happen, though, is not to upgrade the chips or move the buttons or redesign the rounded corners. It's to focus less on the iPad itself and more on the things you attach to it. [...] The iPad is a screen and a processor, and everything else should be an add-on for whenever you need it. Give the gamers a controller and an external GPU. Give the music lovers a speaker dock, and give the smart home fanatics a bunch of buttons that connect to various devices. The photographers need lenses; the spreadsheeters need a keyboard with function keys. The Pencil and the Magic Keyboard are a start, but Apple needs to do much more. The company needs to spend less time worrying about the iPad itself -- a device famous for how long it lasts and that hardly anyone is using to its full potential -- and more time on how to make it more than just a tablet. (Plus, bonus for Apple: it's going to be a lot easier to get people to buy accessories than to convince them to upgrade their iPad when they don't need to.)

Read more of this story at Slashdot.

The FBI cut its warrantless searches of American data in half in 2023, according to a government report released on Tuesday. From a report: According to the Office of the Director of National Intelligence's annual transparency report, the FBI conducted 57,094 searches of "US person" data under Section 702 of the Foreign Intelligence Surveillance Act last year -- a 52 percent decrease from 2022. In a press briefing, a senior FBI official said that the drop was due to reforms the agency implemented in 2021 and 2022, The Record reports. Despite the drop in overall searches of Americans' data, the report also notes that the number of foreign targets whose data could be searched in the Section 702 database rose to 268,590, a 9 percent increase from the previous year. The number of "probable cause" targets also increased significantly, from 417 in 2022 to 759 in 2023. Of those, 57 percent are estimated to be "US persons," which includes US citizens and permanent residents.

Read more of this story at Slashdot.

Google is making its last attempt to fight back against a historic effort by the US Department of Justice to break the tech giant's grip on online search, as the most significant antitrust trial in 25 years comes to a close in Washington. From a report: A federal court in Washington began hearing closing arguments on Thursday after a 10-week trial in which the DoJ accused Alphabet, the parent company of Google, of suppressing search rivals by paying tens of billions annually for anti-competitive agreements with wireless carriers, browser developers and device manufacturers. During the hearing on Thursday, John Schmidtlein, a lawyer from Williams & Connolly representing Google, sought to push back on claims that it had hindered rivals' efforts to gain a foothold in online search, and argued that users had plenty of alternatives. Unsealed court documents revealed this week that Alphabet paid Apple $20bn in 2022 alone to be the default search engine for its iPhone and Safari browser on its other devices. "Google winning agreements because it has a better product is not a harm to the competitive process, even if it gives it scale to improve its product," Schmidtlein told the court. A lawyer for the government, Kenneth Dintzer, told the court that Google's "anti-competitive conduct harms competition and is self perpetuating." Defaults "are a powerful way to drive searches, otherwise Google wouldn't pay billions of dollars for them," he added. Amit Mehta, the judge hearing the case, noted that search "today looks a lot different than it didâ 10 to 15 years ago. He pushed back on the DoJ's contention that the quality of search had suffered due to the lack of competition, although he also noted that only two "substantial competitors" had entered the search market in the past decade. "Doesn't that tell us all we need to know in terms of barriers of entry," he asked.

Read more of this story at Slashdot.