
Microsoft overhaul treats security as ‘top priority’ after a series of failures

Vector collage of the Microsoft logo among arrows and lines going up and down.
Image: The Verge

Microsoft is making security its number one priority for every employee, following years of security issues and mounting criticisms. After a scathing report from the US Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” it’s doing just that by outlining a set of security principles and goals that are tied to compensation packages for Microsoft’s senior leadership team.

Last November, Microsoft announced a Secure Future Initiative (SFI) in response to mounting pressure on the company to respond to attacks that allowed Chinese hackers to breach US government email accounts. Just days after announcing this initiative, Russian hackers managed to breach Microsoft’s...


Pokémon Go Players Invent Fake Beaches on Real Maps to Catch Rare Wigletts


Pokémon Go players are creating a headache for members of the open source map tool OpenStreetMap by adding fake beaches where they don’t exist in hopes of more easily catching Wigletts, a Pokémon that only spawns on beaches.

OpenStreetMap is a free, open source map tool much like Google or Apple maps, but it is maintained by a self-governing community of volunteers where anyone is welcome to contribute. An April 27 thread in the OpenStreetMap community forum first spotted the issue, flagging two users in Italy who began marking beaches in all sorts of locations where they don’t actually exist.

The OpenStreetMap user who noticed the fictitious beaches immediately connected the dots: Pokémon Go, the mega popular mobile game where players catch Pokémon and can engage in different activities depending on their geolocation, introduced different “biomes” like beach, city, forest, and mountains. Each of these has a different look, and critically, some specific Pokémon will only spawn in specific biomes. Wiglett, for example, only spawns at beaches. Some video game sites quickly noticed that Pokémon Go’s beaches were appearing in real world locations like golf courses, sports fields, and other places that are not real beaches. Pokémon Go uses OpenStreetMap for its map data, which is how the game knows players are near certain points of interest.

The OpenStreetMap user created a filter of OpenStreetMap that surfaced instances where “new mappers” added beaches to the map, revealing a number of clearly fake submissions. 

For example, in Egmating, a community in the Upper Bavarian district of Ebersberg in Germany, one user flagged a residential backyard as a beach, before another OpenStreetMap user reverted the change.

“Please stop adding this kind of nonsense,” the user who reverted the change said after making the correction. 

“Oh dear, a new Pokemone :(,” another user commented in German. 

A screenshot of OpenStreetMap replies to a fake beach.


A Pokémon Go subreddit also shows that the player community has figured out which OpenStreetMap tags cause Wiglett to spawn. 

“Wiglett should spawn in areas tagged as "natural=beach" or "natural=coastline" on OpenStreetMap (OSM). To quickly highlight any locations tagged with this we can use Overpass Turbo to query OSM and display any locations tagged this way,” one user wrote. “Keep in mind Wiglett is not a common spawn from what I gather, so I suspect some luck will be involved in there being an active spawn when you visit an area that can spawn them … As /u/MatDragonx has mentioned in the comments it appears "natural=coastline" can also spawn Wiglett. Wiglett have been noted spawning here in Hull, UK which is tagged as natural=coastline.”

It’s not clear how often Pokémon Go updates the game with data from OpenStreetMap, but in theory the people who are manipulating the data would have easier access to the beach biome the next time it does. Pokémon Go developer Niantic did not immediately respond to a request for comment.

The OpenStreetMap thread goes on to identify one repeat offender who added dozens of fake beaches. Some are near bodies of water, like lakes, rivers, or docks, and others are landlocked schools, parking lots, and random strips of land. If there was any doubt that some of these changes are being made by Pokémon Go players, the same repeat offender also marked the map with his handle, as well as a poké ball. 

A screenshot of the OpenStreetMap community thread.

“Hello again, Thanks for your interest in OpenStreetMap,” an OpenStreetMap user who corrected dozens of these changes said in a comment on one of the fake beaches.  “OpenStreetMap is a real map used by thousands of people everyday for many purposes, including disaster response, navigation, business, and many other things. Please only add real information to the map that you know to be accurate.”

“I spent some time fixing up beaches last night,” another OpenStreetMap map user said in the thread. “There’s definitely way more new editors adding fake features than I have seen in any other Pokemon go update (I wasn’t around for the earlier ones shortly after release).”

Pokémon Go players have been finding ways to cheat in the game and find rare Pokémon without always putting in the legwork since the game’s memorable launch in 2016, mostly by spoofing their geolocation. In 2017, Pokémon Go started using OpenStreetMap for its map data, and players quickly started manipulating the data for their needs. The OpenStreetMap community is aware of the game’s influence, and Reddit posts as old as seven years show contributors to the OpenStreetMap project asking Pokémon Go players to stop adding false data.

“[S]ome of you added parks in the backyard of your Grandmas home, every tree was a garden and every puddle a pond,” the old Reddit post says. “Please only map ‘Map what's on the ground.’”

The project’s wiki also has a page named “Tips for new (Pokemon Go) mappers” which asks players to “please [...] do map things that exist on the ground. The map is used by pedestrians, people with disabilities, cyclists, hikers, canoeists, drivers and others. Do not add things -such as footways- that do not exist.” 

This is all a pretty funny throwback to a time when Pokémon Go was wildly popular and cheating in it was a pretty big deal, but also another example of the very hard work the open source community does to maintain widely used tools online. Jason recently reported on a very elaborate supply chain attack that involved a bad actor elevating themselves to a position in maintaining an open source Linux tool so they could plant a backdoor in the code, which itself is an example of how bullying open source software developers is a massive security vulnerability.



freeAgent
1 hour ago
This is why we can't have nice things. I'm kind of torn here between being impressed by their creativity and upset by their public defacement in the service of a stupid video game.

NYPD Produces Propaganda Instead of Legally Required Public Records


On Tuesday, dozens of New York Police Department officers raided Columbia University’s campus and arrested more than a hundred students camped out on its lawn and occupying one of its buildings. 

The next day, the NYPD released a dramatically edited hype video detailing its efforts and warning others not to protest. Immediately upon seeing the video, we filed a public records request asking for information about how the video was made, what editing notes are given, who asked for it to be made, how much it cost to make, and other information about the video. I am not optimistic that we will get it. If we do, I suspect that it will take many years.

The fact that the NYPD was able to spin out a propaganda video in less than 24 hours using body camera footage and what looks to be professional video taken by the police is notable, because the New York City government, including the NYPD, has been horrendously—and perhaps illegally—slow at producing public records they are obligated by law to provide to the taxpayers who fund them. 


This problem predates Eric Adams’ mayoral term, but has continued well into the Adams administration. Over the last few years, Joseph and I have filed many public records requests (called Freedom of Information Law, or FOIL requests in New York) with New York City agencies including the NYPD, and have received almost nothing back. The law states that documents must be provided within 20 business days, but that almost never happens in practice.

The reason we file public records requests, not just with the NYPD but so many more local, state, federal, and military agencies, is that the records produced can give insight into an agency’s thinking; why certain decisions were made; why certain actions were taken (or not taken). We regularly request emails, contracts, memos, bodycam footage, Powerpoint presentations, and much more. Often these documents result in an article, sometimes they don’t. Regardless, we think a healthy sign of a government, whether that’s concerning a tiny local police department or an intelligence agency, is citizens being able to request and receive information that is in the public interest, and which can lead people to be more informed. 


FOI delays are very common all over the country, but the turnaround time for these requests with the city of New York and the NYPD has often been absurdly long. Take, for example, a request I filed on November 15, 2019 about possible communications between the Citizen “neighborhood watch” app and the New York City mayor’s office. The request was acknowledged by the city on November 18. I was then told by the city on November 26 that “you can expect a response on or about Friday, May 29, 2020.”

Here is what has happened since then: 

  • May 29, 2020: Delayed until November 27, 2020
  • November 30, 2020: Delayed until May 28, 2021
  • May 28, 2021: Delayed until November 29, 2021
  • November 29, 2021: Delayed until December 15, 2021
  • December 28, 2021: Delayed until March 23, 2022
  • March 22, 2022: Delayed until June 16, 2022
  • May 27, 2022: The city tried to close my request altogether 
  • June 15, 2022: Delayed until August 1, 2022
  • July 14, 2022: City closed my request
  • July 19, 2022: I email the city, say “YES I am still interested, you have pushed the date back many times and have failed to meet any date you’ve promised or that you are statutorily obligated to meet. Please reopen.” 
  • July 22, 2022: Request reopened. Response delayed to September 16, 2022
  • September 19, 2022: Delayed until October 31, 2022
  • October 31, 2022: Delayed until December 30, 2022
  • December 28, 2022: Delayed until February 14, 2023
  • February 13, 2023: Delayed until March 29, 2023
  • March 29, 2023: Delayed until May 24, 2023
  • May 24, 2023: Delayed until July 10, 2023
  • July 10, 2023: Delayed until August 21, 2023
  • August 21, 2023: Delayed until October 3, 2023
  • October 6, 2023: Delayed until December 4, 2023
  • December 5, 2023: Delayed until February 1, 2024
  • February 2, 2024: Delayed until April 26, 2024
  • April 29, 2024: Delayed until July 24, 2024 

Perhaps you, like me, do not have a lot of confidence that I am ever going to get the documents I requested.

A similar request I filed directly with the NYPD was answered more quickly, but the police said they had no documents about Citizen whatsoever, which is hard to believe considering that the NYPD had issued a public statement about Citizen shortly before I filed the request. 

My experience asking for Citizen documents is not unique. On November 4, 2021, I asked for documents about Eric Adams’ plan to take part of his paycheck in Bitcoin. The Adams administration has pushed back its expected response date to provide those documents 17 times so far, and I have still not gotten anything. 

The New York Police Department has pushed back a request I filed about Eric Adams’ apparent practice of carrying around a photo of Officer Robert Venable, a police officer who was killed. The New York Times reported that “the weathered photo of Officer Venable had not actually spent decades in the mayor’s wallet. It had been created by employees in the mayor’s office in the days after Mr. Adams claimed to have been carrying it in his wallet. The employees were instructed to create a photo of Officer Venable, according to a person familiar with the request,” The New York Times reported. “A picture of the officer was found on Google; it was printed in black-and-white and made to look worn as if the mayor had been carrying it for some time, including by splashing some coffee on it, said the person.” The NYPD pushed back its expected date for fulfilling my request from November 24, 2023 to December 29, 2023, and has ignored follow ups from me since then. 

Joseph, meanwhile, is still waiting on a response to a request with the NYPD related to communications about the robot company Boston Dynamics, filed in 2021; one concerning Amazon Ring from 2019; and another about virtual reality simulator training from 2021. When Joseph has managed to get the NYPD to finally respond to a request, the agency has repeatedly declined to provide the requested records anyway. That includes a request about the NYPD and the Microsoft Advanced Patrol Platform (MAPP), which is a modified Ford Explorer fitted with extra technology for law enforcement purposes. The NYPD did produce documents for one of Joseph’s requests over the years: a series of letters from Grayshift, a company that makes tools for breaking into and extracting data from mobile phones. 

One of the ways journalists—and residents—are supposed to be able to hold their government accountable is by using Freedom of Information requests to see what is happening behind the scenes. At Columbia University and City University of New York (CUNY), we would like to see basic things like who contacted the NYPD and the Adams administration, what did they say, when did they say it, how was it responded to? This is not to say that NYPD and NYC never provide documents, but they are incredibly slow to do so, and often provide documents only months or years after a news event, by which time their relevance often has faded.

It is possible to file lawsuits to speed up this process, but this is not a feasible or affordable option for the vast majority of people who file FOI requests with the city of New York. To its credit, New York City has an Open Records portal where it is possible to see the huge number of FOI requests the city is dealing with, and how far behind it is on these requests. There are currently more than 23,800 open requests with the NYPD (meaning requests for which documents have not been provided). The city as a whole has more than 55,000 open requests. Many requests from as far back as 2018 are still open. 

The portal showing extremely overdue FOI requests.

We want to see what types of equipment were brought, how the police were talking about the protesters behind the scenes, where the idea that the infamous bike chain was “industrial” came from. We want to see who asked the police to make a hype video, what the “script” was, the raw body camera footage used to make it, the editing notes and feedback that the people making it got and were given, where the music came from and what other types of music were tried, how much it cost to make, and a lot more. Were the parts of the video where police say “this is not a tent city, this is our city, this is New York City” scripted? How about the part where an officer said the encampment “smells bad, it just reeks?” Did they do multiple takes?

Right now, these mechanisms of transparency and accountability are not working in New York City. 




People can't be detained just for trying to avoid police, California Supreme Court says


Police officers cannot detain someone on the street just because that person acts furtively to avoid contact with them, the California Supreme Court ruled Thursday.

freeAgent
1 hour ago
Are there people who *don't* try to avoid contact with the police?

Tesla revoked internships weeks before start date, students say


Tesla revoked internships weeks before start date, students say originally appeared on Autoblog on Wed, 1 May 2024 22:39:00 EDT.

freeAgent
1 hour ago
Tesla needs the intern money to pay Musk tens of billions of dollars.

L.A. Beats NYC?

Pro-Palestine protesters at UCLA |  Jill Connelly/ZUMAPRESS/Newscom

Who has better crazies? Last night, California law enforcement moved in to start clearing the pro-Palestine encampment of protesters at UCLA.

Not to be outdone by the New Yorkers over at Columbia, which had its own night of arrests just a day prior, the college students at UCLA sprayed cops with fire extinguishers and barricaded themselves with plywood. (They literally built a wall and instituted checkpoints, the irony of which does not seem to register.)

Counter-protesters tried to pull the plywood down. They shot fireworks into the encampment. They reportedly sprayed mace. Violence on both sides ensued:

So last night, the school sent law enforcement in to attempt to stop the violence and clear the tent city. Video emerged of police using stun grenades. A little before publication time, at least one California Highway Patrol (CHP) officer shot something toward the protesters in the encampment, which was met with shouts of "Don't shoot!" and "We're just students!" (The CHP said officers are loaded with nonlethal tools like flash-bang devices. The officers also held off for roughly six hours after issuing orders for protesters to disband; they have only just recently begun moving in and attempting arrests.)

"More than 1,300 protesters have been taken into custody on U.S. campuses over the past two weeks," reported The New York Times. "Arrests were made on Wednesday at the University of Texas at Dallas, Dartmouth College in New Hampshire and Tulane University in New Orleans, among other places."

The questions of what type of speech ought to be permitted are fairly thorny here. Restrictions on speech should, of course, be content-neutral. Public and private universities have different obligations. Protests surely run afoul of university policies when they disrupt university operations:

And protests that devolve into vandalism and violence—as many have—ought to be treated differently than mere speech. One could make the case that encampments, housing peaceful protesters, are civil disobedience, but part of what makes civil disobedience work is being willing to stoically incur harsh consequences for your actions. Universities are well within their rights to clear tent cities from their campuses, but perhaps protesters who believe in their cause would be better served by simply taking the arrest and proving to the interested public that they are willing to sacrifice for this cause.

Absent that, the UCLA protesters—who have likened the waving of bananas near their encampment (since someone has an allergy) to Israeli settlers waving machine guns, and prevented students from attending class—deserve little respect.

Relevance allergies: Yesterday, the Libertarian Party (L.P.) announced a huge convention get: Former President Donald Trump will be speaking, and you can even buy merch in preparation for the big event (never mind the fact that the man already had four years during which he could have pardoned Julian Assange or Ross Ulbricht, yet chose not to). It says it also invited President Joe Biden and Robert F. Kennedy Jr. to speak, but to my mind it's not exactly shocking that Biden ignored the invite.

"I know there are some libertarians who have a severe allergy to relevance, but it is an undeniably great thing that Trump is speaking at the Libertarian Party National Convention," wrote comedian Dave Smith on X. "It will generate more attention on our party and the issues that we care about, than we've ever had."

Perhaps you're sitting there wondering why the L.P.—which, at this convention, will be nominating its own presidential candidate (contenders include Chase Oliver, Mike ter Maat, and Michael Rectenwald)—would want to host the former president and presumptive nominee for another party. To answer these questions, I called up L.P. Communications Director Brian McWilliams.

All publicity = good publicity? The media attention "is going to be more than we have ever experienced," says McWilliams. "Do you think libertarians will be happy about it?" I asked, to a firm yes from him: "This gives us an opportunity to get Donald Trump up there, to make him answer questions from our philosophical base." When I asked who would be moderating—who will be doing the pushing back, and making sure Trump doesn't turn this into a bloviating stump speech—he said he did not yet know, but possibly the L.P. chair, Angela McArdle.

"RFK [Jr.] was flirting with [the L.P.] because we are a growing bloc. Trump's seeing that," says McWilliams. "Growing bloc via what metric?" I asked. "I think we now are getting to a point where we're representing more Americans," he continued, to which I pressed: "Do we have data that reflects that?"

"We don't have data that reflects that as far as party registration or affiliation," responded McWilliams. "I'm basically speaking from the point of what we're seeing from a cultural perspective." Following the Reno Reset in 2022, at which point the Mises Caucus—essentially, mostly anarcho-capitalist edgelords who spend a lot of time online—took over the party, libertarians have widely criticized the nouveau L.P. for its dropping membership and struggles with fundraising.

As for the merch, McWilliams says "it was basically an internal miscommunication as far as timing…some version of merch might be made available, I can't say if it's going to be that exact variety." And, there's still "a question of whether or not we want to be selling merch for Donald Trump that's affiliated with the Libertarian Party or not."

"This was something that somebody clearly spent time and resources on," I noted, to which he admitted that "without a doubt there was internal thought given to creating the merchandise, you know, that there's no denying that….[But] this was not something that I wanted to go out the same exact day the same exact time." All of this struck me as wishy-washy, like they were caught in something that looked bad, and want to save face.

Awfully close? McArdle released a meandering 17-minute video chalking up a lot of the rollout awkwardness to internal incompetence.

"The founders of this party were hardcore radicals. They were anarchists. They hated the government. Many of our members are anarchists; we want total abolition of the federal government. And when we see someone else [Donald Trump] get potentially kicked off the ballot for, you know, not agreeing with the election results, complaining about the federal government, and so on and so forth, that looks awfully close to some of the views we have about the legitimacy of the federal government."

Well then! So maybe this isn't an L.P. endorsement of Trump, but boy could you be forgiven for thinking they fancy him and are willing to excuse some of his more election-subverting actions.


Scenes from New York: It's now confirmed, both by Columbia's president and by Mayor Eric Adams, that "individuals not affiliated with the university" were the ones leading the Hamilton Hall break-in and barricade that got shut down by NYPD yesterday. "Approximately 300 people were arrested," and they do not know the breakdown yet of outside agitators vs. students.


QUICK HITS

  • Bill Ackman, a major Harvard donor who was one of the top voices calling for former President Claudine Gay to step down following her insufficient handling of antisemitism on campus, has seemingly decided to take his dollars elsewhere:

  • "NO bagels" needed at the UCLA pro-Palestine encampment. (Too Jewish-coded? Are they coming for lox next? SMH, I knew I didn't like these kids.)
  • "Federal Reserve Chair Jerome Powell kept hopes alive for an interest-rate cut this year while acknowledging that a burst of inflation has reduced policymakers' confidence that price pressures are ebbing," reported Bloomberg. Jerome, you big tease!
  • Everything you ever wanted to know about regional skating cultures and the Atlanta scene.
  • "Lack of ammunition is forcing the outnumbered Ukrainian soldiers to pull back, one village after another, including three surrendered Sunday, as intense fighting roils the countryside surrounding Avdiivka nearly three months after the strategic city fell to Russia," reported the Associated Press. "Facing an outcry after Avdiivka's fall, Ukraine is rushing to build concrete-fortified trenches, foxholes, firing positions and other barricades on the front lines. But relentless Russian shelling, lack of equipment and crippling bureaucracy plague construction across the vast 1,000-kilometer (600-mile) front, even as a new Russian offensive looms."
  • How to stay fit on the moon.

The post L.A. Beats NYC? appeared first on Reason.com.

freeAgent
1 hour ago
(commenting on the part about DJT speaking at the LP convention)

What the actual fuck is the Libertarian Party doing?