Category: Regulations & Security

These stories, posts and articles include legal hearings, criminal procedures, governmental approvals, societal norms, and other universal orders…

Categories
Business Culture Economics Lifestyle Perspectives Regulations & Security

AM Best removes from under review with negative implications and affirms credit ratings of Clear Blue Insurance Group members

OLDWICK, N.J. — (BUSINESS WIRE) — #insuranceAM Best has removed from under review with negative implications and affirmed the Financial Strength Rating (FSR) of A- (Excellent) and the Long-Term Issuer Credit Rating (Long-Term ICR) of “a-” (Excellent) of the members of Clear Blue Insurance Group (Clear Blue) (Guaynabo, Puerto Rico).

 

The outlook assigned to these Credit Ratings (ratings) is stable. See below for a detailed listing of members and ratings.

The ratings of Clear Blue reflect the group’s balance sheet strength, which AM Best assesses as very strong, as well as its adequate operating performance, limited business profile and appropriate enterprise risk management (ERM).

 

Clear Blue’s ratings were placed under review with negative implications on July 25, 2023, as a result of the uncertainty surrounding Clear Blue’s ability to rely on certain letters of credit, posted to back reinsurance placed by Clear Blue with certain reinsurers in Vesttoo-related transactions. Of particular concern was the potential balance sheet implications, in addition to the execution and timing risk associated with replacing capacity or letters of credit.

 

Over the past few months, Clear Blue has successfully moved active programs to either new reinsurers or reinsurers on its existing panels took higher percentages. All of these contracts have been signed and are fully collateralized. All “run-off” programs which remain in place are collateralized by funds held in cash from written premium. However, additional collateral on these programs above the funds held has not been replaced.

 

Clear Blue did take a $33 million temporary reduction in surplus in its second quarter 2023 filings due to the commission strain on unearned premiums. However, the impact decreased to $16.36 million in third quarter 2023 filings and is expected to gradually decline over the next few quarters before disappearing by mid-2024. In addition to the temporary implications, the lack of replacement collateral on the “run-off” programs resulted in a $10.7 million write down of recoverables that resulted in an underwriting loss of the same amount in third quarter 2023. The lack of replacement collateral also exposes Clear Blue to adverse development on these run-off programs.

 

To solidify its balance sheet, Clear Blue was recently infused with $25 million, $15 million of which was funded by a line of credit at the holding company and an additional $10 million funded by an equity infusion from Pine Brook. Given these capital initiatives, Clear Blue’s ability to replace capacity on active programs and the relatively modest financial losses, AM Best continues to assess the company’s balance sheet strength level as very strong.

 

From an ERM perspective, AM Best notes it has become evident through documents associated with Vesttoo’s bankruptcy filing that fraud was at the heart of this episode. In response to this fraud, Clear Blue has implemented more rigorous procedures around securing, documenting and confirming letters of credit. AM Best believes these actions to be appropriate.

 

The performance of the retained run-off programs remains uncertain and could potentially impact Clear Blue financially and operationally. The stable outlook that has been assigned reflects AM Best’s view that the actions taken by Clear Blue should continue to mitigate the potential negative impacts. However, if this view were to change, AM Best may need to take negative rating action.

 

The FSR of A- (Excellent) and the Long-Term ICRs of “a-” (Excellent) have been removed from under review with negative implications with a stable outlook assigned for the following property/casualty subsidiaries of Clear Blue:

  • Clear Blue Insurance Company
  • Clear Blue Specialty Insurance Company
  • Highlander Specialty Insurance Company
  • Rock Ridge Insurance Company

 

This press release relates to Credit Ratings that have been published on AM Best’s website. For all rating information relating to the release and pertinent disclosures, including details of the office responsible for issuing each of the individual ratings referenced in this release, please see AM Best’s Recent Rating Activity web page. For additional information regarding the use and limitations of Credit Rating opinions, please view Guide to Best’s Credit Ratings. For information on the proper use of Best’s Credit Ratings, Best’s Performance Assessments, Best’s Preliminary Credit Assessments and AM Best press releases, please view Guide to Proper Use of Best’s Ratings & Assessments.

 

AM Best is a global credit rating agency, news publisher and data analytics provider specializing in the insurance industry. Headquartered in the United States, the company does business in over 100 countries with regional offices in London, Amsterdam, Dubai, Hong Kong, Singapore and Mexico City. For more information, visit www.ambest.com.

 

Copyright © 2023 by A.M. Best Rating Services, Inc. and/or its affiliates. ALL RIGHTS RESERVED.

Contacts

Gordon McLean
Senior Financial Analyst
+1 908 882 2109
gordon.mclean@ambest.com

Christopher Sharkey
Associate Director, Public Relations
+1 908 882 2310

christopher.sharkey@ambest.com

Gregory Williams
Senior Director
+1 908 882 2434
greg.williams@ambest.com

Al Slavin
Senior Public Relations Specialist
+1 908 882 2318
al.slavin@ambest.com

Categories
Business Culture Digital - AI & Apps Economics Lifestyle Regulations & Security Technology

Email: Mt. Gox plans repay some creditors ‘within the 2023 calendar year,’ likely extending into 2024, marking the first step in repayments for all creditors

Quick Take

  • An email to creditors said that the defunct bitcoin exchange plans to commence cash repayments this year and will likely continue repaying into next year.

 

 

Mt. Gox plans to start repaying some creditors “shortly” in cash as stated in an email creditors received today.

The defunct bitcoin exchange, which collapsed in 2014, said in the email that the rehabilitation trustee is “making efforts to commence repayments in cash within the 2023 calendar year.” Repayments, however, will likely “continue into 2024” given the large number of rehabilitation creditors. 

“The specific timing of repayment to individual rehabilitation creditors is undetermined, and therefore, it will not be possible to provide advance notice to each rehabilitation creditor regarding the specific timing of their repayment,” Rehabilitation Trustee Nobuaki Kobayashi said in the email.

Kobayashi noted that creditors may check the repayment status in its claim filing system.

In a separate document sent to creditors today, Kobayashi said that on Nov. 17, the rehabilitation trustee received the redemption of 7 billion yen ($46.9 billion) from the trust assets to fund the repayment. The remaining amount of the trust assets following such redemption was 8.8 billion yen, according to the notice.

The latest move appears to mark the first step in repayments for all. In September, Mt. Gox extended the deadline for rehabilitation creditor repayments from Oct. 31, 2023, to Oct. 31, 2024.

Launched in 2010, the Tokyo-based platform gained popularity and became the largest bitcoin exchange by 2013, servicing 70% of all bitcoin trades worldwide. However, it stopped all withdrawals in early 2014 when the business suspended trading. The site soon went offline, and the company filed for bankruptcy protection after losing over 800,000 bitcoins.

 

About Author

Timmy Shen is an Asia reporter for The Block. Previously, he wrote about crypto and Web3 for Forkast.News from Taiwan after spending more than three years in Beijing covering finance and current affairs at Caixin Global and Chinese tech at TechNode. His China-related reporting has also appeared in The Guardian. When he’s not chasing headlines, you’ll find him savoring hot pot and shabu shabu in a Taipei local haunt. Timmy holds an MS degree from Columbia University Graduate School of Journalism. Send tips to tshen@theblock.co or get in touch on X/Telegram @timmyhmshen.

 

 

Techmeme, (Timmy Shen / The Block)

Categories
Business Culture Digital - AI & Apps Lifestyle Perspectives Regulations & Security Technology

A US judge rejects X’s bid to overturn a May 2022 FTC order imposing restrictions on its data security practices and declines to stop a deposition of Elon Musk

—  SAN FRANCISCO — A federal judge on Thursday rejected an attempt by Elon Musk’s social media company to overturn a May 2022 order by the Federal Trade Commission that imposed requirements for safeguarding the personal data of its users.

 

A pile of characters removed from a sign on the Twitter headquarters building are seen in San Francisco, Monday, July 24, 2023, after Musk changed the name of the company to X. (Godofredo A. Vásquez/AP)

The company, then known as Twitter, had agreed to the order and a fine of $150 million after the FTC found that it asked for user phone numbers as a security mechanism but used them for marketing.

Musk bought the company later that year and renamed it X. By then, the FTC had launched a new investigation based on an explosive whistleblower complaint by former Twitter head of security Peiter Zatko, who said the company’s engineers had wide access to data with ineffective tracking.

Musk’s legal team asked U.S. Magistrate Judge Thomas Hixson to throw out the FTC order on the grounds that the agency had improperly increased its scrutiny after Musk took over and also pressured an outside assessor of the company’s security practices to find fault with them.

Hixson denied that motion after a hearing in San Francisco, ruling that the court was only involved in the underlying case for limited procedural reasons, such as the transfer of case documents to the Justice Department. He wrote that he lacked authority to set aside a consent order approved by an FTC administrative judge.

Hixson also declined to interfere in the FTC investigation by letting Musk avoid a deposition.

In his 11-page ruling, Hixson noted other problems with X’s argument. For example, the company had cited an Ernst & Young employee who said in his deposition that he felt the FTC expected him to find issues with X’s privacy program. But Hixson noted that the same employee said his work was delayed by the constant turnover in the executive ranks after Musk took charge and the lack of designated parties in charge of multiple aspects of the privacy program.

And while it is true the FTC increased its activity post-takeover, it had provided reasons for that, Hixson wrote.

“The government says this increase in investigative activity should not be surprising because Musk directed at least five rounds of terminations, layoffs or other reductions in X Corp.’s workforce, which affected the security, governance, risk and compliance team. The government argues that the FTC was concerned about X Corp.’s ability to comply with the Administrative Order given these significant changes to the company,” he ruled.

“As for deposing Musk, the government argues that the major changes to the company appear to have been initiated by Musk himself,” the judge said in declining to stop the deposition.

Joseph Menn / Washington Post

Techmeme

Categories
Business Digital - AI & Apps Government Lifestyle Regulations & Security Science Technology

Port Authority NY NJ expands service and a new 15-device client emerges

MOUNTAIN VIEW, Calif. — (BUSINESS WIRE) — $KSCP #SecurityRobotKnightscope, Inc. [Nasdaq: KSCP] “(Knightscope” or the “Company),” a leading developer of autonomous security robots and blue light emergency communication systems, on Friday announces an expansion of services in New York and a new sale of 15 machines to a police department in California.

 

Port Authority New York New Jersey added the Knightscope Emergency Management System (KEMS) Professional service to monitor its 11 K1 Call Boxes on the George Washington Bridge. The KEMS platform allows clients and technicians to better understand the real-time health and status of deployed emergency communication devices. The cloud-based application monitors the system wide state-of-health, alerts users concerning operational issues, provides technicians real-time error detection/diagnostics, and collects/reports system performance statistics.

 

A police department in Southern California is purchasing 5 K1 Blue Light Towers to be installed in a new public park and 10 K1 Blue Light E-Phones in a new parking structure.

 

Knightscope’s Blue Light Towers, E-Phones and Call Boxes expand access to emergency communications for motorists, bicyclists and pedestrians utilizing the bridge as well as the park visitors by providing direct access to emergency services for people who may be experiencing danger, a crisis or some form of distress.

 

Learn More

Knightscope’s ASR services and industry leading emergency communications products help better protect the places people live, work, study and visit. To learn more about Knightscope’s Blue Light Emergency Communication Systems or Autonomous Security Robots – now with the option of Private LTE – book a discovery call or demonstration now at www.knightscope.com/discover.

 

About Knightscope

Knightscope is an advanced public safety technology company that builds fully autonomous security robots and blue light emergency communications systems that help protect the places people live, work, study and visit. Knightscope’s long-term ambition is to make the United States of America the safest country in the world. Learn more about us at www.knightscope.com. Follow Knightscope on Facebook, X (formerly Twitter), LinkedIn and Instagram.

 

Forward-Looking Statements

This press release may contain “forward-looking statements” about Knightscope’s future expectations, plans, outlook, projections and prospects. Such forward-looking statements can be identified by the use of words such as “should,” “may,” “intends,” “anticipates,” “believes,” “estimates,” “projects,” “forecasts,” “expects,” “plans,” “proposes” and similar expressions. Forward-looking statements contained in this press release and other communications include, but are not limited to, statements about the Company’s profitability and growth. Although Knightscope believes that the expectations reflected in these forward-looking statements are based on reasonable assumptions, there are a number of risks and uncertainties that could cause actual results to differ materially from such forward-looking statements. These risks and uncertainties include, among other things, the risk that the restructuring costs and charges may be greater than anticipated; the risk that the Company’s restructuring efforts may adversely affect the Company’s internal programs and the Company’s ability to recruit and retain skilled and motivated personnel, and may be distracting to employees and management; the risk that the Company’s restructuring efforts may negatively impact the Company’s business operations and reputation with or ability to serve customers; the risk that the Company’s restructuring efforts may not generate their intended benefits to the extent or as quickly as anticipated. Readers are urged to carefully review and consider any cautionary statements and other disclosures, including the statements made under the heading “Risk Factors” in Knightscope’s Annual Report on Form 10-K for the year ended December 31, 2022. Forward-looking statements speak only as of the date of the document in which they are contained, and Knightscope does not undertake any duty to update any forward-looking statements, except as may be required by law.

Contacts

Stacy Stephens
Knightscope, Inc.
(650) 924-1025

Categories
Business Digital - AI & Apps Regulations & Security Science Technology

GitGuardian: Nearly 3K of the 450K projects submitted to PyPI exposed at least one credential in code, like API keys, including some from ‘very large companies’

—  Many transgressions come from “very large companies that have robust security teams.”

 

 

Dan Goodin / Ars Technica:

 

Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms, to anyone who takes the time to look for them.

 

The lapse stems from immature coding practices in which developers embed cryptographic keys, security tokens, passwords, and other forms of credentials directly into the source code they write. The credentials make it easy for the underlying program to access databases or cloud services necessary for it to work as intended. I published one such PSA in 2013 after discovering simple searches that turned up dozens of accounts that appeared to expose credentials securing computer-to-server SSH accounts. One of the credentials appeared to grant access to an account on Chromium.org, the repository that stores the source code for Google’s open source browser.

 

In 2015, Uber learned the hard way just how damaging the practice can be. One or more developers for the ride service had embedded a unique security key into code and then shared that code on a public GitHub page. Hackers then copied the key and used it to access an internal Uber database and, from there, steal sensitive data belonging to 50,000 Uber drivers.

 

Uber lawyers argued at the time that “the contents of these internal database files are closely guarded by Uber,” but that contention is undermined by means the company took in safeguarding the data, which was no better than stashing a house key under a door mat.

The number of studies published since following the revelations underscored just how common the practice had been and remained in the years immediately following Uber’s cautionary tale. Sadly, the negligence continues even now.

 

Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000.

 

“Exposing secrets in open-source packages carries significant risks for developers and users alike,” GitGuardian researchers wrote. “Attackers can exploit this information to gain unauthorized access, impersonate package maintainers, or manipulate users through social engineering tactics.”

The credentials exposed provided access to a range of resources, including Microsoft Active Directory servers that provision and manage accounts in enterprise networks, OAuth servers allowing single sign-on, SSH servers, and third-party services for customer communications and cryptocurrencies. Examples included:

  • Azure Active Directory API Keys
  • GitHub OAuth App Keys
  • Database credentials for providers such as MongoDB, MySQL, and PostgreSQL
  • Dropbox Key
  • Auth0 Keys
  • SSH Credentials
  • Coinbase Credentials
  • Twilio Master Credentials.

 

Also included in the haul were API keys for interacting with various Google Cloud services, database credentials, and tokens controlling Telegram bots, which automate processes on the messenger service. This week’s report said that exposures in all three categories have steadily increased in the past year or two.

 

The secrets were exposed in various types of files published to PyPI. They included primary .py files, README files, and test folders.

Enlarge / Most common types of files other than .py containing a hardcoded secret in PyPI packages.

 

GitGuardian tested the exposed credentials and found that 768 remained active. The risk, however, can extend well beyond that smaller number. GitGuardian explained:

 

It is important to note that just because a credential can not be validated does not mean it should be considered invalid. Only once a secret has been properly rotated can you know if it is invalid. Some types of secrets GitGuardian is still working toward automatically validating include Hashicorp Vault Tokens, Splunk Authentication Tokens, Kubernetes Cluster Credentials, and Okta Tokens.

 

There are no good reasons to expose credentials in code. The report said the most common cause is by accident.

 

“In the course of outreach for this project, we discovered at least 15 incidents where the publisher was unaware they had made their project public,” the authors wrote. “Without naming any names, we did want to mention some of these were from very large companies that have robust security teams. Accidents can happen to anyone.”

 

Over the past decade, various mechanisms have become available for allowing code to securely access databases and cloud resources. One is .env files that are stored in private environments outside of the publicly available code repository. Others are tools such as the AWS Secrets Manager, Google Cloud’s Secret Manager, or the Azure Key Vault. Developers can also employ scanners that check code for credentials inadvertently included.

 

The study examined PyPI, which is just one of many open source repositories. In years past, code hosted in other repositories such as NPM and RubyGems has also been rife with credential exposure, and there’s no reason to suspect the practice doesn’t continue in them now.

 

 

Techmeme

Categories
Business Culture Digital - AI & Apps International & World Lifestyle Perspectives Regulations & Security Science Technology

Companies that provide Microsoft, Google, and others with AI data-labeling services often hire minors, which can be traumatic

 

Niamh Rowe / Wired:

 

 

Like most kids his age, 15-year-old Hassan spent a lot of time online. Before the pandemic, he liked playing football with local kids in his hometown of Burewala in the Punjab region of Pakistan. But Covid lockdowns made him something of a recluse, attached to his mobile phone.

 

“I just got out of my room when I had to eat something,” says Hassan, now 18, who asked to be identified under a pseudonym because he was afraid of legal action.

 

But unlike most teenagers, he wasn’t scrolling TikTok or gaming. From his childhood bedroom, the high schooler was working in the global artificial intelligence supply chain, uploading and labeling data to train algorithms for some of the world’s largest AI companies.

 

The raw data used to train machine-learning algorithms is first labeled by humans, and human verification is also needed to evaluate their accuracy. This data-labeling ranges from the simple—identifying images of street lamps, say, or comparing similar ecommerce products—to the deeply complex, such as content moderation, where workers classify harmful content within data scraped from all corners of the internet. These tasks are often outsourced to gig workers, via online crowdsourcing platforms such as Toloka, which was where Hassan started his career.

 

A friend put him on to the site, which promised work anytime, from anywhere. He found that an hour’s labor would earn him around $1 to $2, he says, more than the national minimum wage, which was about $0.26 at the time. His mother is a homemaker, and his dad is a mechanical laborer.

 

“You can say I belong to a poor family,” he says.

 

When the pandemic hit, he needed work more than ever. Confined to his home, online and restless, he did some digging, and found that Toloka was just the tip of the iceberg.

“AI is presented as a magical box that can do everything,” says Saiph Savage, director of Northeastern University’s Civic AI Lab.

 

“People just simply don’t know that there are human workers behind the scenes.”

 

At least some of those human workers are children. Platforms require that workers be over 18, but Hassan simply entered a relative’s details and used a corresponding payment method to bypass the checks—and he wasn’t alone in doing so. WIRED spoke to three other workers in Pakistan and Kenya who said they had also joined platforms as minors, and found evidence that the practice is widespread.

“When I was still in secondary school, so many teens discussed online jobs and how they joined using their parents’ ID,” says one worker who joined Appen at 16 in Kenya, who asked to remain anonymous.

 

After school, he and his friends would log on to complete annotation tasks late into the night, often for eight hours or more.

 

Read more here:

Companies that provide Microsoft, Google, and others with AI data-labeling services are inadvertently hiring minors, often exposing them to traumatic content

 

 

 

Techmeme

Categories
Culture Digital - AI & Apps For Edit International & World Regulations & Security Technology

Experts: Terrorists utilize generative AI tools to evade hashing algorithms techs use to remove extremist content

—  Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems.

 

David Gilbert / Wired:

 

 

EXTREMIST GROUPS HAVE begun to experiment with artificial intelligence, and in particular generative AI, in order to create a flood of new propaganda. Experts now fear the growing use of generative AI tools by these groups will overturn the work Big Tech has done in recent years to keep their content off the internet.

 

 

“Our biggest concern is that if terrorists start using gen AI to manipulate imagery at scale, this could well destroy hash-sharing as a solution,” Adam Hadley, the executive director of Tech Against Terrorism, tells WIRED. “This is a massive risk.”

 

For years, Big Tech platforms have worked hard to create databases of known violent extremist content, known as hashing databases, which are shared across platforms to quickly and automatically remove such content from the internet. But according to Hadley, his colleagues are now picking up around 5,000 examples of AI-generated content each week. This includes images shared in recent weeks by groups linked to Hezbollah and Hamas that appear designed to influence the narrative around the Israel-Hamas war.

 

“Give it six months or so, the possibility that [they] are manipulating imagery to break hashing is really concerning,” Hadley says. “The tech sector has done so well to build automated technology, terrorists could well start using gen AI to evade what’s already been done.”

 

Other examples that researchers at Tech Against Terrorism have uncovered in recent months have included a neo-Nazi messaging channel sharing AI-generated imagery created using racist and antisemitic prompts pasted into an app available on the Google Play store; far-right figures producing a “guide to memetic warfare” advising others on how to use AI-generated image tools to create extremist memes; the Islamic State publishing a tech support guide on how to securely use generative AI tools; a pro-IS user of an archiving service claiming to have used an AI-based automatic speech recognition (ASR) system to transcribe Arabic language IS propaganda; and a pro-al-Qaeda outlet publishing several posters with images highly likely to have been created using a generative AI platform.

 

Beyond detailing the threat posed by generative AI tools that can tweak images, Tech Against Terrorism has published a new report citing other ways in which gen AI tools can be used to help extremist groups. These include the use of autotranslation tools that can quickly and easily convert propaganda into multiple languages, or the ability to create personalized messages at scale to facilitate recruitment efforts online. But Hadley believes that AI also provides an opportunity to get ahead of extremist groups and use the technology to preempt what they will use it for.

 

“We’re going to partner with Microsoft to figure out if there are ways using our archive of material to create a sort of gen AI detection system in order to counter the emerging threat that gen AI will be used for terrorist content at scale,” Hadley says. “We’re confident that gen AI can be used to defend against hostile uses of gen AI.”

The partnership was announced today, on the eve of the Christchurch Call Leaders’ Summit, a movement designed to eradicate terrorism and extremist content from the internet, to be held in Paris.

“The use of digital platforms to spread violent extremist content is an urgent issue with real-world consequences,” Brad Smith, vice chair and president at Microsoft said in a statement. “By combining Tech Against Terrorism’s capabilities with AI, we hope to help create a safer world both online and off.”

 

While companies like Microsoft, Google, and Facebook all have their own AI research divisions and are likely already deploying their own resources to combat this issue, the new initiative will ultimately aid those companies that can’t combat these efforts on their own.

“This will be particularly important for smaller platforms that don’t have their own AI research centers,” Hadley says. “Even now, with the hashing databases, smaller platforms can just become overwhelmed by this content.”

 

The threat of AI generative content is not limited to extremist groups. Last month, the Internet Watch Foundation, a UK-based nonprofit that works to eradicate child exploitation content from the internet, published a report that detailed the growing presence of child sexual abuse material (CSAM) created by AI tools on the dark web.

 

The researchers found over 20,000 AI-generated images posted to one dark web CSAM forum over the course of just one month, with 11,108 of these images judged most likely to be criminal by the IWF researchers. As the IWF researchers wrote in their report, “These AI images can be so convincing that they are indistinguishable from real images.”

 

 

 

Techmeme

Categories
Art & Life Culture Lifestyle Programs & Events Regulations & Security

Timothée Chalamet flashes butt on ‘SNL’ as ‘gay famous’ pop star Troye Sivan

Timothée Chalamet embraced his inner-twink while hosting the Nov. 11 episode of “Saturday Night Live,” in a sketch in which the Oscar-nominated actor played openly gay Australian pop star Troye Sivan.

 

The sketch involved a woman (played by cast member Sarah Sherman) complaining to her doctor (played by cast member Bowen Yang) that she’s been seeing a mysterious figure in her sleep every night. When the doctor uses a new therapy to conjure the image while the woman is awake, Chalamet appears in a white tank-top, baggy blue pants and wavy blond hair.

 

He then breaks into a version of the choreography from Sivan’s recent hit “Got Me Started,” in which the singer at one point flashes his red briefs to the camera while — there’s no other way to report this — wiggling his butt.

 

“What are you? Are you a demon?!” the woman asks her vision.

 

“Not quite, girly,” Chalamet as Sivan responds. “I’m Australian YouTube twink turned indie pop star and model turned HBO actor Troye Sivan being played by an American actor who can’t do an Australian accent.” Sivan recently co-starred on the HBO series “The Idol,” but anyone on TikTok will best recognize him from his recent spate of deeply queer music videos with some iconically memorable dancing.

 

Yang explains that Sivan has started to haunt the dreams of more and more women “now that this boy is sneaking his way into the mainstream.”

 

“Isn’t he kind of famous?” she asks.

 

“He’s gay famous,” the doctor replies. “It’s different!”

 

After Chalamet dances again, the woman’s confusion only grow stronger. “Why does he have my psyche in a choke hold?” she exclaims. Chalamet-as-Sivan responds: “Isn’t it obvious, homie? I look like a moisturized Machine Gun Kelly, and I’m the most iconic blouse ever. Bye, diva!”

 

“Why did he call himself a blouse?!” she asks, her desperation rising.

 

This time, the doctor responds: “A blouse is a fem top!”

 

By the end of the sketch, Sivan’s hold on the woman’s mind has grown so strong, he begins to multiply, at which point musical guest Boygenius — the indie supergroup consisting of Phoebe Bridgers, Julien Baker and Lucy Dacus — appear in identical Troye Sivan drag. Yang’s doctor joins them, and, yes, more red undies are wiggled at the camera.

 

UPDATE: On Sunday morning, Sivan responded to the sketch on TikTok by evoking the sketch itself. “The only way I can describe this is like it’s a weird fucking dream,” he said. “Like, imagine: Timothée Chalamet was in my dream, but he was me, and he was wearing my clothes…”

Check out the sketch below, and the mesmerizing Troye Sivan music video that inspired it.

Troye Sivan music:
https://www.youtube.com/watch?v=WjLcVqjIkLo

 

 

Variety

Categories
Business Culture Economics International & World Lifestyle Perks Regulations & Security Technology

Alibaba and JD.com reported YoY sales increases for Singles Day, but this year also, neither company provided overall revenue figures

  • Analysts estimate the leaders chalked up single-digit gains
  • Newer platforms like PDD and Douyin may have far outpaced them

 

 

Sarah Zheng / Bloomberg:

 

—  China’s Alibaba Group Holding and JD.com reported sales increases for Singles’ Day, after the e-commerce giants offered steep discounts 

 

Alibaba Group Holding Ltd. and JD.com Inc. reported sales increases during China’s most important shopping festival, yet likely lagged newer entrants from social media platforms like ByteDance Ltd.’s     Douyin during a muted year for consumer spending.

Analysts scrambled for clues after China’s two e-commerce leaders again failed to disclose overall revenue numbers during Singles’ Day, the annual bargains extravaganza built around a Nov. 11 event that Alibaba popularized over a decade ago. Historically a barometer for Chinese consumer sentiment, it’s become much harder to parse since companies stopped providing precise figures during the turmoil of the Covid era.

 

Online transactions across the three largest platforms — Alibaba’s Tmall, JD.com’s main portal and PDD Holdings Inc.’s China-only Pinduoduo service — likely slipped about 1% to 923.5 billion yuan ($127 billion) during the festival, Bloomberg Intelligence analyst Ada Li estimated, calculating based on retail channel data tracked by Syntun. While a smaller piece of the pie, streaming platforms such as Douyin and Kuaishou Technology grew transactions by 19%, according to Li’s analysis.

Others painted a slightly rosier picture. Alibaba and JD likely managed 1% to 3% growth in gross merchandise value over the three- to four-week period leading up to Nov. 11, when merchants embarked on their discounting spree, Goldman Sachs estimated. PDD, which targets lower-income and rural markets, racked up growth of 20%, analyst Ronald Keung estimated.

Alibaba and JD.com report earnings this week and should offer more insight into whether domestic consumption has recovered.

“The slowing growth shows we need to roll out large-scale economic stimulus measures that are strong enough to lift market confidence and drive up the economy,” Ren Zeping, a well-known economist who was formerly a researcher at the State Council’s Development Research Center, wrote Monday.

“Consumers are becoming more mature and rational as they go after high value for money. Their perception of brands is also changing, and domestic brands with high value for money are rising.”

 

 

Read more here:

Alibaba and JD.com reported YoY sales increases for Singles Day, but neither company provided overall revenue figures for the event for the second straight year

 

 

 

Techmeme

Categories
Business International & World News Now! Regulations & Security Science Technology

An in-depth look at a covert Russian operation to get dual-use specialist microchips, which are protected by EU export controls, into the hands of the state

—  A rare look inside a covert Russian-led operation to get strategic technology protected by European export controls into the hands of the state

 

 

Financial Times:

 

As their yacht bobbed on the Mediterranean in July 2021, Marc Rocchi snapped a picture of the slightly doughy Russian man in baggy swimming trunks, dozing with his head propped against the helm. The French businessman would later say that he only knew the Russian by his first name, Maxim.

 

But he knew the purchases Maxim had been making for years had been essential to the survival of Ommic, a French microchip manufacturer of which Rocchi was then director-general.  Desperate to keep the flow of chips moving, just a few months earlier Rocchi had flown to Greece to hand-deliver Maxim a shipment of 230 microchips — €45,000 worth. Maxim had, at one point, offered Rocchi “cash and women.” But Rocchi said he declined — he needed Maxim’s business to keep Ommic afloat.

 

Rocchi always knew his business partner was buying microchips on behalf of a Russian state enterprise, and that Maxim used a network of intermediaries to get them out of France and into Russia. And he also knew Maxim was working on behalf of Istok, which Rocchi described as a state research body. Istok is in fact a state-owned technology company that makes electronic warfare systems for the Russian military.

 

Today, Ommic has closed and Rocchi is awaiting trial in France, having been indicted in March. He denies charges of sending secrets to a foreign power that could harm the national interest, exporting dual-use goods to Russia, and submitting false documents.  According to sources familiar with the investigation, Rocchi has previously argued to police that the goods and information sent by Ommic were not subject to controls, disputed that sensitive information was ever sent abroad and said that other people were responsible for any false documents. He has declined to comment to the Financial Times.

 

The photograph was a rare slip in what appears to be a decades-long Russian intelligence operation. The man pictured, Maxim Ermakov, has been sanctioned by the US and UK governments in the past fortnight as part of a major crackdown on the networks that Moscow’s intelligence services use to procure advanced western technology for President Vladimir Putin’s war machine. He did not respond to a request to comment. This rare account of the activities of such a network illustrates how difficult it is for western governments to tackle Russian state smuggling operations, and prevent western technology from being used by Russian industry and the military.

 

Specialist microchips, such as the high-performance gallium nitride and gallium arsenide-integrated circuit boards that Ommic made, are vital to Russian defence manufacturers such as Istok. According to Le Parisien, a senior French defence official told investigators that the chips were a “sensitive, strategic technology”

 

Marc Rocchi being interviewed at a convention in China in 2018 © YouTube
Eoin Sugrue, left, and his brother Denis, in Limerick, Ireland, in 1983. Both brothers have links to Maxim Ermakov © public domain sourced / access rights from WS Collection / Alamy Stock Photo

 

 

Read more here:

An in-depth look at a covert Russian operation to get dual-use specialist microchips, which are protected by EU export controls, into the hands of the state

 

 

 

Techmeme