Microsoft isn't done refining the interface on your Xbox console. The company is rolling out an updated home screen for Xbox Series/X and One users that theoretically puts games within closer reach while giving you more room to customize the experience. There's now a quick access menu that helps you jump to your collection, Game Pass, the Microsoft Store and common functions like search and settings. You can pin favorite games and groups, and there are curated lists of games to help discover titles. The update should reach everyone within a few weeks.

At the same time, a simpler layout creates more room for your custom background. An option can change the background to match the game you've selected in your recently played list, somewhat like PlayStation's carousel. A refreshed community row helps show what friends are doing, while media spotlights and lists help you find new content to see or hear.

It's easier to buy games, too. At the same time, PayPal has revealed that you can "soon" use Venmo to buy games, apps and subscriptions in the Microsoft Store on Xbox in the US. This will help you make use of spare Venmo funds, of course, but it will also give you a way to split payments if you can't justify an up-front purchase.

The rethink comes eight months after Microsoft began publicly experimenting with a new Xbox interface. The company has a history of frequent UI redesigns and tweaks, particularly in the Xbox One era. Sony, in contrast, is relatively conservative and rarely makes major changes to the PlayStation front end in the middle of a console cycle. Microsoft's iteration may be frustrating if you're hoping for a consistent experience, but it does suggest the company is responding to gamers' feedback and hoping to stand out in the market.

The Academy of Television Arts and Sciences has announced this year's Emmy nominations and there's lots of good news for the team behind The Last of Us. HBO's massively successful series scored 24 nominations, more than any other show this year except Succession (27). The White Lotus (23) and Apple TV+ comedy Ted Lasso (21) followed closely behind.

The Last of Us is the first live-action video game adaptation for film or TV to make a serious dent at a major awards ceremony (League of Legends series Arcanewon the Emmy for Outstanding Animated Program last year). It's up for Outstanding Drama Series alongside Andor, Better Call Saul, House of the Dragon, Succession, The White Lotus and Yellowjackets.

Pedro Pascal (who has three nods in total this year) and Bella Ramsay picked up nominations for their lead roles in The Last of Us. So did guest stars Melanie Lynskey, Storm Reid, Anna Torv, Murray Bartlett, Lamar Johnson, Nick Offerman and Keivonn Montreal Woodard. Craig Mazin, the show's co-creator, and Peter Hoar are, respectively, nominated for writing and directing the show's stellar third episode, "Long, Long Time."

Elsewhere, reigning champ Ted Lasso will compete against Abbott Elementary, Barry, The Bear, Jury Duty, The Marvelous Mrs. Maisel, Only Murders In The Building and Wednesday in the Outstanding Comedy Series category. On the Star Wars front, Andor scooped up eight nominations and The Mandalorian got nine. Obi-Wan Kenobi snagged five, including one for Outstanding Limited or Anthology Series.

Disney+ film Hocus Pocus 2 (three nominations in total) and Roku's Weird: The Al Yankovic Story (eight nods overall) are up for Outstanding Television Movie. Amazon's big-budget The Lord Of The Rings: The Rings Of Power landed six nominations, mostly in technical categories. 

Stranger Things, which isn't eligible for top honors this year, also has six nods in down-the-line categories. Meanwhile, Peacock's Poker Face snagged four nominatons, Star Trek: Picard has two in makeup categories and Netflix's brilliant I Think You Should Leave With Tim Robinson snagged a pair of nods.

Perhaps unsurprisingly given how many nominations Succession, The Last of Us and The White Lotus racked up, HBO leads the pack this year with 127 nominations overall. According to Deadline's tally, Netflix has the most of any streaming-only network with 103, followed by Apple (52), Amazon (46 between Prime Video and Freevee), Hulu (42 or 64 if you include FX shows), Disney+ (40), Peacock (eight) and Paramount+ (seven). By contrast, broadcast networks earned 86 nods between them.

This year's Emmy Awards ceremony is scheduled to take place on September 18th. However, amid the WGA writers' strike and pending action by the actors' union, reports suggest it may be delayed until November or even January.

Hayao Miyazaki's final film, the tentatively titled How Do You Live?, is coming to IMAX theaters. The milestone marks a first for Miyazaki and the animation studio he co-founded nearly four decades ago. According to Anime News Network, the film will also screen in Dolby Atmos, Dolby Cinema and DTS:X when it arrives in Japan on July 14th.

As Gizmodo notes, past Studio Ghibli films did not receive the IMAX treatment during their original theatrical runs. When you add that to the fact How Do You Live? is supposed to be Miyazaki's swan song (or so the auteur claims), you have the makings of a must-see movie event. However, one potential hitch is that the film doesn't have an international release date yet, and it's unclear if a North American distributor could secure IMAX screens for How Do You Live? when and if it arrives outside of Japan. In recent weeks, the availability of IMAX screens has been a contentious issue in Hollywood, with Tom Cruise reportedly calling some theaters to convince them to screen Mission: Impossible - Dead Reckoning Part One instead of Christopher Nolan's Oppenheimer.

Details on How Do You Live? are sparse. Studio Ghibli has not released a trailer for the film or bought any TV spots. In fact, the only promotion it has done so far for How Do You Live? is the single poster the studio released last month. The film is an original work but is named after the 1937 novel of the same name by Genzaburo Yoshino. In interviews, Miyazaki has said the book plays an influential role in the life of his film's protagonist.

Late last month, Apple uploaded the debut episode of Silo to Twitter to promote the show's season one finale. Now it's doing the same with its other tentpole sci-fi series. Starting Monday, you can watch Foundation's first episode on YouTube ahead of season two'sJuly 14th premiere.

Apple's live-action adaptation of Issac Asimov's classic novel series of the same name premiered in 2021 following a pandemic-related production delay. As 9to5Mac notes, you can already watch the first episode of the series for free on Apple TV, but that requires access to the app and not everyone might want to install Apple's streaming service on their smart TV. Season two of Foundation sees some of season one's original cast, including Lee Pace and Jared Harris, return. Filming of season three is rumored to be already underway. In the meantime, you can watch the show's first episode on Monday at 2PM ET, followed by a live Q&A with showrunner David Goyer.

With Twitter seemingly on its very last legs, it doesn't come as a big surprise that other social media giants would want to capitalize on the void. Meta is launching Threads, which allows users to write and comment on posts much in the same way as Twitter. Now we have a first look at how Threads will operate, thanks to early users' profiles showing up on its website.

Instagram head Adam Mosseri has used his first few posts to share more about Thread's purpose and features, including a photo demonstrating how to limit replies. "We have lots of work to do, but we're looking to build an open, civil place for people to have conversations," Mosseri shared in his first post. Threads will eventually include Fediverse integration, a decision Mosseri explained as "you may one day end up leaving Threads, or, hopefully not, end up de-platformed. If that ever happens, you should be able to take your audience with you to another server. Being open can enable that."

Threads

Meta employees like CEO Mark Zuckerberg and Mosseri join celebs like Shakira and Gordon Ramsey and a range of influencers who were given first access to Threads. The limited number of initial users reflects in current follower counts, with most profiles only having a few hundred and Zuckerberg and Mosseri at only a couple thousand.

Threads will be available on the web and for download on the Apple and Google Play App Stores starting the morning of July 6th in the US and UK. It won't be available across the rest of Europe yet, though, likely due to stricter EU data privacy rules. In the meantime, Meta employees aren't averse to patting themselves on the back while taking a dig at Twitter, as Meta product designer Peter Franko did in his first post on Threads.

Your eyes aren't deceiving you. There really is an HBO show on Netflix. All five seasons of Issa Rae's highly acclaimed comedy-drama series Insecure are now streaming on Netflix in the US. Not only that, more HBO shows are on the way to the service as Warner Bros. Discovery (WBD) tries to wring more revenue out of its expansive library.

Band of Brothers, The Pacific, Six Feet Under and Ballers are also coming to Netflix as part of the deal, the company told Deadline. Meanwhile, Netflix users outside the US will be able to stream True Blood on the service. This is the first time that HBO content has appeared on Netflix in the US, though some has previously been available on Prime Video. The shows will still be available on Max.

This is part of an effort to boost WBD's revenue. Late last year, the company removed some notable titles from Max, including Westworld and The Nevers. Those shows, and many others from the WBD library, are available to watch on free, ad-supported channels on Roku, Tubi and Amazon's Freevee.

Zaslav and his team have employed other tactics to improve WBD's bottom line. Those include pulling many shows and movies from Max to reduce costs, cancelingMax-exclusive projects before they were done (reportedly in favor of tax writeoffs in some cases) and laying off employees.

After building to this point for over a decade, Virgin Galactic has completed its first commercial flight. After launching aboard the mothership VMS Eve, the spaceship VSS Unity reached an altitude of around 52 miles, or the edge of space. It landed nearly 15 minutes later at the company's Spaceport America base near Truth or Consequences, New Mexico, completing the Galactic 01 research mission. 

The company's first client was the Italian government, which had the aim of conducting microgravity research. Aboard were Air Force colonel Walter Villadei, Air Force lieutenant and flight surgeon Colonel Angelo Landolfi, and Pantaleone Carlucci, a research council member acting as flight engineer and payload specialist. Unity was piloted by retired U.S. Air Force Lieutenant Colonel Michael Masucci and Nicola Pecile, with Virgin Galactic trainer Colin Bennett also on board.

Prior to the commercial flight, Virgin Galactic had conducted five crewed spaceflights in total, the last in late May with four employees aboard. However, the company has gone through a lot of pain getting to that point.

After several successful tests of its SpaceShipTwo spaceplane aboard the mothership WhiteKnightTwo back in 2013, Virgin Galactic's VSS Enterprise crashed in 2014, killing the co-pilot and seriously injuring the pilot. Flight testing resumed with VSS Unity's glide test back in 2016, and the ship finally reached space in 2018. 

The company's first fully crewed spaceflight took place in 2021, when Unity hit an altitude of 53.4 miles with founder Richard Branson on board. However, commercial service was delayed multiple times for different reasons, most recently due to issues in upgrading the mothership VMS Eve.

From a financial perspective, the launch was crucial for Virgin Galactic. With no paying customers until now, the company has lost money for years, including more than $500 million in 2022 alone. It advertises seats at $450,000 per ticket, and previously set a goal of having 1,000 reservations prior to its first commercial launch. 

Virgin Galactic's main rival in the suborbital tourism space race is Blue Origin, which uses a conventional rocket rather than an airplane mothership. Blue Origin CEO (and Amazon founder) Jeff Bezos has said that Virgin Galactic fails to deliver a true spaceflight experience, compared to Blue Origin's system that tops 62 miles in altitude, past the Kármán line often used to mark the beginning of space. Others consider 50 miles the threshold.

Blue Origin has had problems of its own. Last year, one of its New Shepard rockets suffered from a booster failure about a minute after takeoff, forcing the company to deploy its escape system for the uncrewed capsule, which worked as designed. 

Another rival, SpaceX, offers a far different experience — its Falcon 1 rocket and Crew Dragon capsule take customers into a true orbit. SpaceX has even flown a private crew to the International Space Station on a 10-day mission, reportedly for a $55 million fee.

A local shop might deliver your next Amazon order. The company tellsAxios it's launching an Amazon Hub Delivery system that uses small businesses in 23 states (including California, New York and Washington) to complete shipments to customers. Those businesses need secure storage areas and must deliver an average of 30 packages every day outside of major holidays. However, Amazon isn't fussy about business types for this program — bodegas, coffee shops, florists and other locations can all qualify.

Hub Delivery is ultimately an expansion of previous initiatives. Amazon debuted an "I Have Space" system in India in 2015, and expanded it to both Japan and Spain. An American pilot program began in late 2020, although it focused on improving delivery for rural customers. The new approach covers over 20 major cities, including Boston, New York City and Los Angeles.

The incentives are clear. Amazon gets more reliable deliveries by offloading "last mile" shipments to small businesses rather than relying solely on dedicated couriers. Partners in turn can grow their businesses and supplement their income, Amazon VP Beryl Tomay says. Axios estimates that, at $27,000 in earnings per year, Amazon is paying about $2.50 per package. The online retailer hopes to team with 2,500 small business drivers by the end of 2023.

The strategy comes months after Amazon announced mass layoffs as the pandemic recovery and a rocky economy ate into profits. It also comes amid labor complaints that include past allegations of misusing Flex drivers' tips. Hub Delivery theoretically helps Amazon not only trim costs, but minimize the labor disputes that might come with using its own workers for shipping. Not that the tech giant is completely averse to using its own staff. It's still committed to buying about 100,000 Rivian delivery vans that will bring packages to customers.

As anyone who regularly games online can attest, DDoS (dedicated denial of service) attacks are an irritatingly common occurrence on the internet. Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers are able to swamp game servers and prevent players from logging on for hours or days at a time. The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any Tom, Dick, and Script-kiddie rental access to the same power. 

It's a big internet out there, and bad actors are plentiful. There are worse things than spammers and scammers swimming in the depths of the Dark Web. In his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, Dr. Scott J Shapiro, Professor of Law and Philosophy at Yale Law School traces the internet's illicit history through five of the biggest attacks on digital infrastructure ever recorded.

Farrar Straus Giraux

FANCY BEAR GOES PHISHING: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro. Published by Farrar, Straus and Giroux. Copyright © 2023 by Scott J. Shapiro. All rights reserved. 

Crime as a Service

Not all Denial of Service attacks use botnets. In 2013, the Syrian Electronic Army (SEA)—the online propaganda arm of the brutal Bashar al-Assad regime—hacked into Melbourne IT, the registrar that sold the nytimes.com domain name to The New York Times. The SEA altered the DNS records so that nytimes.com pointed to SEA’s website instead. Because Melbourne IT contained the authoritative records for the Times’ website, the unauthorized changes quickly propagated around the world. When users typed in the normal New York Times domain name, they ended up at a murderous organization’s website.

Conversely, not all botnets launch Denial of Service attacks. Botnets are, after all, a collection of many hacked devices governed by the attacker remotely, and those bots can be used for many purposes. Originally, botnets were used for spam. The Viagra and Nigerian Prince emails that used to clutter inboxes were sent from thousands of geographically distributed zombie computers. In these cases, the attacker reaches out to their army of bots, commanding them to send tens of thousands of emails a day. In 2012, for example, the Russian Grum botnet sent over 18 billion spam emails a day from 120,000 infected computers, netting its botmaster $2.7 million over three years. Botnets are excellent spam infrastructure because it’s hard to defend against them. Networks usually use “block lists”: lists of addresses that they will not let in. To block a botnet, however, one would have to add the addresses of thousands of geographically disbursed servers to the list. That takes time and money.

Because the malware we have seen up till now — worms, viruses, vorms, and wiruses.— could not work together, it was not useful for financially motivated crime. Botnet malware, on the other hand, is because the botnets it creates are controllable. Botmasters are capable of issuing orders to each bot, enabling them to collaborate. Indeed, botnet malware is the Swiss Army knife of cybercrime because botmasters can tell bots in their thrall to implant malware on vulnerable machines, send phishing emails, or engage in click fraud allowing botnets to profit from directing bots to click pay-per-click ads. Click fraud is especially lucrative, as Paras Jha would later discover. In 2018, the ZeroAccess botnet could earn $100,000 a day in click fraud. It commanded a million infected PCs spanning 198 countries, including the island nation of Kiribati and the Himalayan Kingdom of Bhutan. 

Botnets are great DDoS weapons because they can be trained on a target. One day in February 2000, the hacker MafiaBoy knocked out Fifa.com, Amazon.com, Dell, E*TRADE, eBay, CNN, as well as Yahoo!, then the largest search engine on the internet. He overpowered these web servers by commandeering computers in forty-eight different universities and joining them together into a primitive botnet. When each sent requests to the same IP address at the same time, the collective weight of the requests crashed the website. 

After taking so many major websites off-line, MafiaBoy was deemed a national security threat. President Clinton ordered a countrywide manhunt to find him. In April 2000, MafiaBoy was arrested and charged, and in January 2001 he pled guilty to fifty-eight charges of Denial of Service attacks. Law enforcement did not reveal MafiaBoy’s real name, as this national security threat was only fifteen years old. MafiaBoy later revealed himself to be Michael Calce. “You know I’m a pretty calm, collected, cool person,” Calce reported. “But when you have the president of the United States and attorney general basically calling you out and saying, ‘We’re going to find you’ . . . at that point I was a little bit worried.” Calce now works in the cybersecurity industry as a white hat — a good hacker, as opposed to a black hat, after serving five months in juvenile detention. 

Both MafiaBoy and the VDoS crew were adolescent boys who crashed servers. But whereas MafiaBoy did it for the lulz, VDoS did it for the money. Indeed, these teenage Israeli kids were pioneering tech entrepreneurs. They helped launch a new form of cybercrime: DDoS as a service. DDoS as a service is a subscription-based model that gives subscribers access to a botnet to launch either a daily quota or unlimited attacks, depending on the price. DDoS providers are known as booter services or stressor services. They come with user-friendly websites that enable customers to choose the type of account, pay for subscriptions, check status of service, launch attacks, and receive tech support. 

VDoS advertised their booter service on Hack Forums, the same site on which, according to Coelho, Paras Jha spent hours. On their website, www.vdos-s.com, VDoS offered the following subscription services: Bronze ($19.99/month), Silver ($29.99/month), Gold ($39.99/month), and VIP ($199.99/month) accounts. The higher the price, the more attack time and volume. At its peak in 2015, VDoS had 1,781 subscribers. The gang had a customer service department and, for a time, accepted PayPal. From 2014 to 2016, VDoS earned $597,862, and it launched 915,287 DDoS attacks in one year. 

VDoS democratized DDoS. Even the most inexperienced user could subscribe to one of these accounts, type in a domain name, and attack its website. “The problem is that this kind of firepower is available to literally anyone willing to pay thirty dollars a month,” Allison Nixon, director of security research at business-risk-intelligence firm Flashpoint, explained. “Basically what this means is that you must have DDoS protection to participate on the internet. Otherwise, any angry young teenager is going to be able to take you off-line in a heartbeat.” Even booter services need DDoS protection. VDoS hired Cloudflare, one of the largest DDoS mitigation companies in the world. 

DDoS as a service was following a trend in cybercrime known as “malware as a service.” Where users had once bought information about software vulnerabilities and tried to figure out how to exploit those vulnerabilities themselves, or had bought malicious software and tried to figure out how to install and execute it, they could now simply pay for the use of malware and hack with the click of a button, no technical knowledge required.

Because customers who use DDoS as a service are inexperienced, they are particularly vulnerable to scams. Fraudsters often advertise booter services on public discussion boards and accept orders and payment, but do not launch the promised attacks. Even VDoS, which did provide DDoS service, did so less aggressively than advertised. When tested by Flashpoint, VDoS botnet never hit the promised fifty gigabits/second maximum, ranging instead from six to fourteen gigabits/second.

The boards that advertise booter services, as Hack Forums once did, are accessible to anyone with a standard browser and internet connection. They exist on the Clear Web, not on the so-called Dark Web. To access sites on the Dark Web you must use a special network, known as Tor, typically using a special browser known as the Tor Browser. When a user tries to access a website on the Dark Web, the Tor Browser does not request web pages directly. It chooses three random sites—known as nodes—through which to route the request. The first node knows the original sender, but not the ultimate destination. The second node knows neither the original source nor the ultimate destination—it recognizes only the first node and the third node. The third node knows the ultimate destination, but not the original sender. In this way, the sender and receiver can communicate with each other without either knowing the other’s identity.

The Dark Web is doubly anonymous. No one but the website owner knows its IP address. No one but the visitor knows that they are accessing the website. The Dark Web, therefore, tends to be used by political dissidents and cybercriminals—anyone who needs total anonymity. The Dark Web is legal to browse, but many of its websites offer services that are illegal to use. (Fun fact: the U.S. Navy created the Dark Web in the mid-1990s to enable their intelligence agents to communicate confidentially.)

It might be surprising that DDoS providers could advertise on the Clear Web. After all, DDoS-ing another website is illegal everywhere. In the United States, one violates the Computer Fraud and Abuse Act if one “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization,” where damage includes “any impairment to the . . . availability of data, a program, a system, or information.” To get around this, booter services have long argued they perform a legitimate “stressor” function, providing those who set up web pages a means to stress test websites. Indeed, booter services routinely include terms of service that prohibit attacks on unauthorized sites and disclaim all responsibility for any such attacks.

In theory, stressor sites play an important function. But only in theory. Private chats between VDoS and its customers indicated that they were not stressing their own websites. As a booter service provider admitted to Cambridge University researchers, “We do try to market these services towards a more legitimate user base, but we know where the money comes from.”

TikTok has enjoyed a significant advantage over Instagram Reels in that anyone can download a TikTok video and post it to another social media network — something that helps draw new users to the platform. Now, Instagram has finally gained that ability, according to a post by CEO Adam Mosseri (using the new broadcast channels feature) spotted by TechCrunch. 

The feature is only available to US users on mobile for now, and only for public and not private accounts. At the same time, users with public accounts can choose a setting that blocks users from downloading their Reels. To use the feature, you tap on the "Share" icon for a given Reel and select "Download."

Engadget

An image posted by Mosseri (top) appears to show that downloaded Reels will be watermarked with the Instagram logo and name of the account, much as TikTok does. YouTube also started adding watermarks to Shorts videos created on desktop, likely also as a way to bring attention to its short video feature. 

Instagram now appears to be taking the same tack, likely also seeing it as a way to ensure people see Reels on other social media networks. It's not going out of its way to accommodate videos from rival platforms, though. The Meta-owned company allows TikTok and other videos to be uploaded, but its algorithms stopped promoting any watermarked videos from rivals back in 2021.