No, a Shadowy Figure Is Not Buying Tents for Columbia Student Protesters | The False Choice in the Debate Over Artificial Intelligence Regulation | Software Backdoor is a Wakeup Call for Cybersecurity, and more

Yet the debate over which AI harms to target and which to ignore is based on a questionable premise, and it presents a false choice. In practice, recognition of short-term and long-term AI risk is mostly complementary, with each type of risk strengthening the case for systemic AI regulation. As we argue in a recent law review article, effectively addressing serious AI harms will require regulatory oversight at every major stage of the AI process, from design to training, to deployment, to post-deployment fine-tuning. This is as true of present-day harms as it is of potential future risks. And many of the regulatory steps necessary to address short-term harms are important first steps for regulating advanced future AI systems. We do not need to choose.

Software Backdoor is a Wakeup Call for Cybersecurity (Jeffrey Vagle, Just Security)
As March gave way to April, the cybersecurity community was abuzz with the news that liblzma, a component of the xz open source data compression utility, had been hijacked as a vehicle for code that could create a backdoor into computers that installed and ran the software. It’s likely that you’ve never heard of liblzma or xz, nor spent much time thinking about software compression utilities. But whether you know it or not, you may have actually installed and used xz through its inclusion in other software tools, as is the case with many obscure open source software packages, and that’s a problem for cybersecurity. The malicious code hidden in xz was not discovered due to the careful vetting of the software by teams of cybersecurity professionals on a mission to weed out malware. Rather, the problem was discovered by happenstance, and the bad news is, we are often at the mercy of luck when it comes to detecting cybersecurity attacks before they are actually deployed and used.
Despite its general obscurity, the xz utility is widely used on many computing platforms. There is nothing particularly noteworthy about xz, one of many software compression utilities that take large files and data streams and make them smaller by taking advantage of statistical redundancies in information. Compression tools can be presented as stand-alone pieces of software but are more often part of a larger software package that might invisibly use the compression functions as part of its overall purpose. This was how the xz package became embedded in larger software projects. The xz tool has been around for over 15 years with no security defects and has been deployed in many operating systems since then, including most Linux distributions and Microsoft Windows. In addition, xz had been added as a dependency in the OpenSSH software package, a widely used set of tools for secure login between computers. What is noteworthy about xz’s inclusion is that it was indirectly added to optionally work with internal functions of Linux operating systems, not as part of OpenSSH’s core technology.
You might think that an open source software project as widely depended upon as xz would be maintained by a sizable team of developers whose code was regularly reviewed by security experts. That was not the case. The xz utility was being maintained by a single developer who had started to have problems with his health and had been slow to publish updates to xz because of them. In October 2021, a developer named Jia Tan started making contributions to the xz code and offered to take over maintenance of the project. In 2023, the reins were passed over to Jia, and they began to carefully introduce a well-concealed piece of malware into the xz code, releasing the final version in February 2024, where users of the code such as Linux distributions picked it up for inclusion in future versions of their own software.

Russia Vetoed a UN Resolution to Ban Space Nukes (Stephen Clark, Wired)
Russia vetoed a United Nations Security Council resolution Wednesday that would have reaffirmed a nearly 50-year-old ban on placing weapons of mass destruction into orbit, two months after reports Russia has plans to do just that.
Russia’s vote against the resolution was no surprise. As one of the five permanent members of the Security Council, Russia has veto power over any resolution that comes before the body. China abstained from the vote, and 13 other members of the Security Council voted in favor of the resolution.
If it passed, the resolution would have affirmed a binding obligation in Article IV of the 1967 Outer Space Treaty, which says nations are “not to place in orbit around the Earth any objects carrying nuclear weapons or any other kinds of weapons of mass destruction.”

Massive Policing for Paris Olympics to Include Security Checks for Some of the Capital’s Residents (John Leicester, AP)
Special anti-terrorism measures being put in place to safeguard the unprecedented opening ceremony for the Paris Olympics on the River Seine will also apply to all buildings along the route, meaning people who work and live there and their guests will be subjected to background security checks, Paris police chief Laurent Nunez said Thursday. Those affected will be cross-checked against security services’ databases, to see whether they have previously been flagged as suspected Islamist extremists or for other radicalism, Nunez said. The wildly ambitious July 26 ceremony is proving to be a gargantuan security challenge. Athletes will be paraded through the heart of the French capital on 94 boats along a 6-kilometer (nearly 4-mile) stretch of the Seine, from east to west. They’ll be accompanied by 87 other boats for security, media and other people.

How Australia Struggled to Get Elon Musk’s X to Remove Video of a Terrorist Attack (Mike Cherney, Wall Street Journal)
When Australian regulators wanted Elon Musk’s X to remove videos of the stabbing of a religious leader, they sent their requests through a website multiple times. At first, automated replies came back. Nearly 24 hours after submitting a formal notice to remove the video, an Australian official emailed an X executive directly to ask her how X was responding. She told him the social-media platform had “withheld” the video for users in Australia. The account of the attempts by regulators to get X to remove the video was revealed in court filings in a lawsuit by the Australian eSafety Commissioner, which is arguing X hasn’t really removed the video because Australians can still use a virtual private network—which masks a user’s true location—to watch it.