27-Year-Old VB4 EXE turned into Python in minutes (with Claude) – AI-Assisted reverse engineering

Reddit post detailing how someone took a 27-year-old visual basic EXE file, fed it to Claude 3.7, and watched as it reverse-engineered the program and rewrote it in Python.

It was an old Visual Basic 4 program they had written in 1997. Running a VB4 exe in 2024 can be a real yak-shaving compatibility nightmare, chasing down outdated DLLs and messy workarounds. So! OP decided to upload the exe to Claude 3.7 with this request:

“Can you tell me how to get this file running? It’d be nice to convert it to Python.”

Claude 3.7 analyzed the binary, extracted the VB ‘tokens’ (VB is not a fully-machine-code-compiled language which makes this task a lot easier than something from C/C++), identified UI elements, and even extracted sound files. Then, it generated a complete Python equivalent using Pygame.

According to the author, the code worked on the first try and the entire process took less than five minutes – they link to the LLM chat log for proof.

Totally makes sense that this would work, this seems like the first public/viral example of uploading an EXE like this though – we never even thought of doing such a thing!

Old business applications and games could be modernized without needing the original source code (is Delphi also semi-compiled?). Tools like Claude might make decompilation and software archaeology a lot easier: proprietary binaries from dead platforms could get a new life in open-source too…

Archive.org could add an LLM to do this on the fly… interesting times!

Source: 27-Year-Old EXE becomes Python in minutes (with Claude) – AI-Assisted reverse engineering « Adafruit Industries – Makers, hackers, artists, designers and engineers!

A Nasal Spray for Concussions Shows Early Promise

The best treatment for a hard knock on the head might someday involve a quick sniff of a nasal spray. Researchers have found early evidence in mice that an antibody-based treatment delivered up the nose can reduce the brain damage caused by concussions and more serious traumatic injuries.

Scientists at Mass General Brigham conducted the study, published Thursday in Nature Neuroscience. In brain-injured mice, the experimental spray appeared to improve the brain’s natural acute healing process while also reducing damaging inflammation later on. The findings could lead to a genuine prophylactic against the long-term impacts of traumatic brain injuries and other conditions like stroke, the researchers say.

[…]

Foralumab, developed by the company Tiziana Life Sciences, targets a specific group of proteins that interact with the brain’s immune cells, called CD3. This suppression of CD3, the team’s earlier work has suggested, increases the activity of certain immune cells known as regulatory T cells (Treg). As the name implies, these cells help regulate the brain’s immune response to make sure it doesn’t go haywire.

[…]

In their latest mice study, the researchers found that foralumab—via the increased activity of Treg cells—improved aspects of the brain’s immediate healing from a traumatic injury. The dosed mice’s microglia (the brain’s unique first line of immune defense) became better at eating and cleaning up after damaged cells, for instance. Afterward, the drug also appeared to prevent microglia from becoming chronically inflamed. As a result, relative to mice in a control group, mice treated with foralumab up to three days post-injury experienced greater improvements in their motor function and coordination.

[…]

Source: A Nasal Spray for Concussions Shows Early Promise

This Gesture Sensor Is Precise, Cheap, Well-Hidden

In today’s “futuristic tech you can get for $5”, [RealCorebb] shows us a gesture sensor, one of the sci-fi kind. He was doing a desktop clock build, and wanted to add gesture control to it – without any holes that a typical optical sensor needs. After some searching, he’s found Microchip’s MGC3130, a gesture sensing chip that works with “E-fields”, more precise than the usual ones, almost as cheap, and with a lovely twist.

The coolest part about this chip is that it needs no case openings. The 3130 can work even behind obstructions like a 3D-printed case. You do need a PCB the size of a laptop touchpad, however — unlike the optical sensors easy to find from the usual online marketplaces. Still, if you have a spot, this is a perfect gesture-sensing solution. [RealCorebb] shows it off to us in the demo video.

This PCB design is available as gerbers+bom+schematic PDF. You can still order one from the files in the repo.  Also, you need to use Microchip’s tools to program your preferred gestures into the chip. Still, it pays off, thanks to the chip’s reasonably low price and on-chip gesture processing. And, [RealCorebb] provides all the explanations you could need, has Arduino examples for us, links all the software, and even provides some Python scripts! Touch-sensitive technology has been getting more and more steam in hacker circles – for instance, check out this open-source 3D-printed trackpad.

Source: This Gesture Sensor Is Precise, Cheap, Well-Hidden

Mozilla updates updated TOS for Firefox and is now more confusing but does not look private

On Wednesday we shared that we’re introducing a new Terms of Use (TOU) and Privacy Notice for Firefox. Since then, we’ve been listening to some of our community’s concerns with parts of the TOU, specifically about licensing. Our intent was just to be as clear as possible about how we make Firefox work, but in doing so we also created some confusion and concern. With that in mind, we’re updating the language to more clearly reflect the limited scope of how Mozilla interacts with user data.

Here’s what the new language will say:

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. 

In addition, we’ve removed the reference to the Acceptable Use Policy because it seems to be causing more confusion than clarity.

Privacy FAQ

We also updated our Privacy FAQ to better address legal minutia around terms like “sells.” While we’re not reverting the FAQ, we want to provide more detail about why we made the change in the first place.

TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”), and we don’t buy data about you. We changed our language because some jurisdictions define “sell” more broadly than most people would usually understand that word. Firefox has built-in privacy and security features, plus options that let you fine-tune your data settings.


The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”

[…]

Source: An update on our Terms of Use

So this legal definition rhymes with what I would expect “sell” to mean. Don’t transfer my data to a third party – even better, don’t collect my data at all.

It’s a shame, as Firefox is my preferred browser, it’s not based on Google’s browser. So I am looking at the Zen browser and the Floorp browser now.

Microsoft begins turning off uBlock Origin and other extensions in Edge

If you use the uBlock Origin extension in Google Chrome or Edge, you should probably start looking for alternative browsers or extensions—either way. A few days ago, users noticed that Google had begun disabling uBlock Origin and other Manifest V2-based extensions as part of the migration to Manifest V3. Now, Microsoft Edge appears to be following suit.

The latest Edge Canary version started disabling Manifest V2-based extensions with the following message: “This extension is no longer supported. Microsoft Edge recommends that you remove it.” Although the browser turns off old extensions without asking, you can still make them work by clicking “Manage extension” and toggling it back (you will have to acknowledge another prompt).

At this point, it is not entirely clear what is going on. Google started phasing out Manifest V2 extensions in June 2024, and it has a clear roadmap for the process. Microsoft’s documentation, however, still says “TBD,” so the exact dates are not known yet. This leads to some speculating about the situation being one of “unexpected changes” coming from Chromium. Either way, sooner or later, Microsoft will ditch MV2-based extensions, so get ready as we wait for Microsoft to shine some light on its plans.

Another thing worth noting is that the change does not appear to be affecting Edge’s stable release or Beta/Dev Channels. For now, only Canary versions disable uBlock Origin and other MV2 extensions, leaving users a way to toggle them back on.

[…]

Source: Microsoft begins turning off uBlock Origin and other extensions in Edge – Neowin

e-taste allows you to send flavours in VR

[…] This work reports a bio-integrated gustatory interface, “e-Taste,” to address the underrepresented chemical dimension in current VR/AR technologies. This system facilitates remote perception and replication of taste sensations through the coupling of physically separated sensors and actuators with wireless communication modules. By using chemicals representing five basic tastes

[…]

Gustation, an essential component of the human perceptual system, plays a key role in the overall sensory experience and flavor perception. However, the integration of gustation is currently limited or missing in most AR/VR experiences. […]

The actuator uses an EM minipump to deliver concentration-controlled tastant solutions into the oral cavity. Figure 2A shows schematic illustration of the EM actuator consisting of a microfluidic channel and a minipump that includes a polydimethylsiloxane (PDMS) liquid chamber, NdFeB permanent magnets, and a coil placed perpendicular to the magnet (32). The design details and fabrication process of the EM actuator are in figs. S2 and S3. The outlet of the liquid chamber connects to the refillable microfluidic channel embedded with tastant-infused gels (fig. S4). The equivalent circuit of the system appears on the right. A bipolar junction transistor (BJT) serves as an “on/off” switch through a pulse width modulation (PWM) base current received from an ESP32 chip microcontroller. The actuation system uses an NPN-type transistor (2N2222), within which electrons serve as the majority charge carriers.

[…]

Liquid flows through the channel during the “on” state and stops temporarily during the “off” state, allowing interaction with the hydrogels with tastants. Adjusting the duty cycle controls the time that the liquid takes to traverse the microfluidic channel, thereby regulating the concentrations of taste chemicals in the resulting solution. A larger interval time (t) between pulses corresponds to a longer period of the liquid contacting the gels, increasing the resulting concentration of tastants in the delivered solutions

[…]

the variations in concentrations of five taste-related chemicals (H+, Mg2+, Na+, glucose, and glutamate) in the resulting solutions

[…]

Field testing involves healthy, consenting volunteers instrumented with devices to examine the human perception dimension of the e-Taste system within envisioned application scenarios in the real world. In the first case, assisted by the e-Taste system, it becomes feasible for individuals to share the taste experience of food remotely (Fig. 5A). Figure 5B illustrates an example of transmitting the taste of beverage: When a person immerses the sensor patch in a cup of lemonade near the Golden Gate Bridge (San Francisco, CA, USA), the system uploads the captured concentration data to the IoT platform. The actuator located at the campus of The Ohio State University (Columbus, OH, United States) subsequently downloads the data, guiding to replicate a liquid with the same taste profile. For the remote control and instruction, the entire duration includes the latency (0.3 and 1.4 s for the short- and long-range process, respectively; fig. S26), the sensor response time (~10 s), and an optional signal stabilization time after the response reaches the plateau.

[…]

The result confirms the high accuracy of the system in replicating taste sensations, effectively mimicking the sourness levels encountered in real-world scenarios.[…] demonstrates an accuracy rate of 70%, indicating that testers can distinguish different sour intensities in the liquids generated by the system. Increasing the training time and providing customized concentration categorization based on individual differences could potentially enhance the accuracy for future applications.

[…]

During the mixed taste recognition test, subjects interact with a multichannel e-Taste system in a “digital cup” geometry (movie S4). The experiment uses five food options: lemonade, cake, fried egg, fish soup, and coffee.

[…]

the recognition outcomes when users taste replicated solutions (sample size: 6, accuracy: 86.7%)

[…]

Source: A sensor-actuator–coupled gustatory interface chemically connecting virtual and real environments for remote tasting | Science Advances

Payday from hell as several Brit banks report major outages

The UK is full of unhappy workers that are unable to manage their payday cash amid online service outages at a host of major banks.

Downdetector indicates trouble at Lloyds Bank, Halifax, TSB, Nationwide, First Direct, Bank of Scotland, and Barclays, although the latter’s woes appear to have been resolved since the surge of complaints earlier today.

The same can’t be said for the others, however, which all continue to report glitches via their service status pages.

Across the board, the outages seem to be related to web and mobile banking, with the root cause unclear.

[…]

Unlike the other banks whose customers can’t access their online banking platforms, those who use Nationwide can still access their accounts and move money around seamlessly, provided the money is going into other Nationwide accounts under their control.

All affected customers are still able to use their debit and credit cards at ATMs and in shops.

The Financial Conduct Authority (FCA), the UK’s finance regulator, published a post-CrowdStrike report in October, saying it noticed an upward trend of third-party related outages hitting UK banks since the beginning of 2023.

[…]

Today’s outage comes weeks after Barclays suffered a weekend-long service wobble, that reportedly left at least one customer homeless as a result.

Source: Payday from hell as several Brit banks report major outages • The Register

Citigroup erroneously credited client account with $81tn in ‘near miss’ due to really atrocious UI

Citigroup credited a client’s account with $81tn when it meant to send only $280, an error that could hinder the bank’s attempt to persuade regulators that it has fixed long-standing operational issues.
The erroneous internal transfer, which occurred last April and has not been previously reported, was missed by both a payments employee and a second official assigned to check the transaction before it was approved to be processed at the start of business the following day.
A third employee detected a problem with the bank’s account balances, catching the payment 90 minutes after it was posted. The payment was reversed several hours later, according to an internal account of the event seen by the Financial Times and two people familiar with the event.
No funds left Citi, which disclosed the “near miss” to the Federal Reserve and Office of the Comptroller of the Currency, according to another person with knowledge of the matter.
[…]
A total of 10 near misses — incidents when a bank processes the wrong amount but is ultimately able to recover the funds — of $1bn or greater occurred at Citi last year, according to an internal report seen by the FT. The figure was down slightly from 13 the previous year. Citi declined to comment on this broader set of events.
Near misses do not need to be reported to regulators, meaning there is no comprehensive public data on how often these incidents occur across the sector. Several former regulators and bank risk managers said near misses of greater than $1bn were unusual across the US bank industry.
The series of near misses at Citi highlights how the Wall Street bank is struggling to repair its operational troubles nearly five years after it mistakenly sent $900mn to creditors engaged in a contentious battle over the debt of cosmetics group Revlon.
Citi’s mistaken Revlon payout led to the ousting of then-chief executive Michael Corbat, big fines and the imposition of regulatory consent orders requiring it to fix the issues.
[…]
Citi’s $81tn near miss in April was due to an input error and a back-up system with a cumbersome user interface, according to people familiar with the incident.
[…]
Citi’s technology team instructed the payments processing employee to manually input the transactions into a rarely used back-up screen. One quirk of the program was that the amount field came pre-populated with 15 zeros, which the person inputting a transaction needed to delete, something that did not happen.

Source: Citigroup erroneously credited client account with $81tn in ‘near miss’

Ultrathin films are revolutionizing electrical conductivity

What if your electronic devices could adapt on the fly to temperature, pressure, or impact? Thanks to a new breakthrough in downsizing quantum materials, that idea is becoming a reality.

In an article published this month in Applied Physics Express, a multi-institutional research team led by Osaka University announced that they have successfully synthesized an ultrathin vanadium dioxide film on a flexible substrate, in a way that preserves the film’s electrical properties.

Vanadium dioxide is well known in the scientific community for its ability to transition between conductor and insulator phases at nearly room temperature. This phase transition underpins smart and adaptable electronics that can adjust to their environment in real time. But there is a limit to how thin vanadium dioxide films can be, because making a material too small affects its ability to conduct or insulate electricity.

“Ordinarily, when a film is placed on a hard substrate, strong surface forces interfere with the atomic structure of the film and degrade its conductive properties,” explains Boyuan Yu, lead author of the study.

To overcome this limitation, the team prepared their films on two-dimensional hexagonal boron nitride (hBN) crystals; hBN is a highly stable soft material that does not have strong bonds with oxides and thus does not excessively strain the film or spoil its delicate structure.

“The results are truly surprising,” says Hidekazu Tanaka, senior author. “We find that by using this soft substrate, the material structure is very nearly unaffected.”

By performing precise spectroscopy measurements, the team was able to confirm that the phase transition temperature of their vanadium dioxide layers remained essentially unchanged, even at thicknesses as thin as 12 nm.

“This discovery significantly improves our ability to manipulate quantum materials in practical ways,” says Yu. “We have gained a new level of control over the transition process, which means we can now tailor these materials to specific applications like sensors and flexible electronics.”

Given that quantum materials like vanadium dioxide play a crucial role in the design of microsensors and devices, this discovery could pave the way for functional and adaptable electronics that can be attached anywhere. The research team is currently working on such devices, as well as exploring ways to incorporate even thinner films and substrates.

Source: Powering the future — ultrathin films are revolutionizing electrical conductivity | ScienceDaily

Apple’s Find My exploit lets hackers track any Bluetooth device

As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device.

[…]

Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using “hundreds” of GPUs to find a key match. The exploit called “nRootTag” has a frightening success rate of 90% and doesn’t require “sophisticated administrator privilege escalation.”

In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person’s flight path by tracking their game console.

“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this,” said one of the researchers.

The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices. Although the company has publicly acknowledged the support of the George Mason team in discovering the exploit, Apple is yet to fix it (and hasn’t provided details of how it will do so). […] For now, they advise users to never allow unnecessary access to the device’s Bluetooth when requested by apps, and of course, always keep their device’s software updated.

Source: Apple’s Find My exploit lets hackers track any Bluetooth device

EA just released source code for a bunch of old Command and Conquer games, and added Steam Workshop support to some more

[…]EA’s announced that it’s releasing the source code for a bunch of old C&C games and—here’s the bit where I, as a man who enjoys modding but is also very lazy, gets excited—adding Steam Workshop support to a few more.

The games getting a source code release are Command & Conquer (Tiberian Dawn), Red Alert, C&C Renegade, and C&C Generals and Zero Hour. They’re being released under the GPL license, meaning folks can mix, match, and redistribute them to their hearts’ content without EA lawyers smashing down the door. You can find them all on EA’s Github page.

As for the Steam Workshop? That’s getting switched on for C&C Renegade, C&C Generals and Zero Hour, C&C 3 Tiberium Wars and Kane’s Wrath, and C&C 4 Tiberium Twilight (they can’t all be winners). EA’s also gone and “updated all the Mission Editor and World Builder tools so you can publish maps directly to the Steam Workshop.”

Plus, it’s putting out a modding support pack that “contains the source Xml, Schema, Script, Shader and Map files for all the games that use the SAGE engine.”

[…]

Source: EA just released source code for a bunch of old Command and Conquer games, and added Steam Workshop support to bangers like C&C 3: Tiberium Wars | PC Gamer

Measles Outbreak in Texas Turns Deadly so dumbass anti vax Parents Scramble for Shots

The measles outbreak in Texas has now turned deadly. Texas and federal health officials have just reported the first deaths attributed to the still-growing outbreak, which has sickened over a hundred people.

The Texas Department of State Health Services reported the tragic death of an unvaccinated “school-aged” child Wednesday morning. In the first cabinet meeting of the second Trump Administration held Wednesday afternoon, Robert F. Kennedy Jr., the new U.S. Health and Human Services (HHS) secretary, stated that two deaths from measles have occurred so far, though he provided no further details. At least 124 cases and 18 hospitalizations have been documented so far, and even vaccine-hesitant families in the region are now rushing to get their measles shots.

The measles outbreak has been ongoing since at least mid-January. It’s largely affected people living in Mennonite communities along the rural South Plains region of western Texas, many of whom are unvaccinated against the highly contagious virus. Health officials have previously attributed the low vaccination rate in these communities mostly to a lack of interaction with the wider health care system, rather than to an explicit anti-vaccination attitude among residents.

A week ago, with only 48 cases reported, the measles outbreak had already become the largest seen in the state in nearly 30 years. Dozens more cases have been documented since, in both western Texas and a bordering county of New Mexico, and officials fear that hundreds of residents have or will ultimately become infected. The fatality reported by the Texas Department of State Health Services is the first measles death documented in the U.S. since 2015.

While this outbreak may not be tied to the anti-vaccination movement, it has convinced some people in the area to change their minds about the value of the highly effective measles vaccine—which is taken in combination with vaccines for mumps and rubella. Vaccine-hesitant parents in Lubbock County, one of the areas hit hard by the outbreak, have reportedly started to send their children to get their shots. Lubbock County is also where the child who died from measles was hospitalized.

“We’ve vaccinated multiple kids that have never been vaccinated before, some from families that didn’t believe in vaccines,” Katherine Wells, director of public health at Lubbock’s health department, told NBC News Tuesday.

In the U.S., measles has been locally eliminated for over two decades. But outbreaks can still occur, particularly in places with vaccination rates below the herd immunity threshold (around 94% of a population). Worldwide, measles remains a major public health threat. In 2023, an estimated 10 million cases of measles were reported worldwide, up 20% from the previous year, as well as over 100,000 deaths that year. Measles infection is also thought to sap people’s immune memory to other common infections.

Source: Measles Outbreak in Texas Turns Deadly as Parents Scramble for Shots

Shadow of Mordor’s Nemesis system is locked behind a patent until 2036 – you can patent that an enemy remembers you and your fights with him, apparently

Warner Bros Discovery recently shut down a trio of game studios, including the well-regarded Monolith Productions. This has put one of the coolest game mechanics of the 2010s in limbo. Middle-earth: Shadow of Mordor’s excellent Nemesis system is locked behind a patent owned by Warner Bros all the way until 2036, according to reporting by Eurogamer.

The Nemesis system was featured in both 2014’s Shadow of Mordor and the follow-up Middle-earth: Shadow of War. Simply put, it’s a gameplay mechanic in which enemies remember previous encounters with the protagonist. These antagonists, typically orcs in the LOTR games, would use these humiliating memories to fuel their thirst for revenge as they rose through the ranks. This mechanic also worked both ways, so enemies would remember besting you in a previous encounter.

It was the best part of those two titles and Monolith had planned on bringing back the mechanic for a now-cancelled Wonder Woman game. Now the system is lying unused, locked behind a patent vault in David Zaslav’s mega-yacht or whatever. Gigantic multinational corporations are awesome!

Warner Bros Discovery patented the system in 2016, which you can read right here. The patent is active until 2036, so long as the company keeps up with the associated fees. It’s worth noting that in the nine years since patenting the system, it’s only been used in a single game. That’s Shadow of War, which came out in 2017 and was already in development when Warner Bros went ahead with the patent.

It remains to be seen if Warner Bros Discovery will do anything with the Nemesis system. It had nine years of heavy game development to make use of it across its entire IP portfolio, but didn’t. In that time period, plenty of Batman games and Hogwarts Legacy all came out. Those would have surely benefited from the unique mechanic. Oh well.

WB will still focus some resources on game development, but the company’s efforts will be primarily spent on four franchises. These include Harry Potter, Mortal Kombat, the DC universe and Game of Thrones. Three of those four seem like good fits for the Nemesis system to me.

Source: Shadow of Mordor’s innovative Nemesis system is locked behind a patent until 2036

Patents stifle innovation yet again.

After Snowden and now Trump, Europe finally begins to worry about US-controlled clouds

In a recent blog post titled “It is no longer safe to move our governments and societies to US clouds,” Bert Hubert, an entrepreneur, software developer, and part-time technical advisor to the Dutch Electoral Council, articulated such concerns.

“We now have the bizarre situation that anyone with any sense can see that America is no longer a reliable partner, and that the entire large-scale US business world bows to Trump’s dictatorial will, but we STILL are doing everything we can to transfer entire governments and most of our own businesses to their clouds,” wrote Hubert.

Hubert didn’t offer data to support that statement, but European Commission stats show that close to half of European enterprises rely on cloud services, a market led by Amazon, Microsoft, Google, Oracle, Salesforce, and IBM – all US-based companies.

While concern about cloud data sovereignty became fashionable back in 2013 when former NSA contractor Edward Snowden disclosed secrets revealing the scope of US signals intelligence gathering and fled to Russia, data privacy worries have taken on new urgency in light of the Trump administration’s sudden policy shifts.

In the tech sphere those moves include removing members of the US Privacy and Civil Liberties Oversight Board that safeguards data under the EU-US Data Privacy Framework, alleged flouting of federal data rules to advance policy goals. Europeans therefore have good reason to wonder how much they can trust data privacy assurances from US cloud providers amid their shows of obsequious deference to the new regime.

And there’s also a practical impetus for the unrest: organizations that use Microsoft Office 2016 and 2019 have to decide whether they want to move to Microsoft’s cloud come October 14, 2025, when support officially ends. Microsoft is encouraging customers to move to Microsoft 365 which is tied to the cloud. But that looks riskier now than it did under less contentious transatlantic relations.

The Register spoke with Hubert about his concerns and the situation in which Europe now finds itself.

[…]

Source: Europe begins to worry about US-controlled clouds • The Register

It was truly unbelievable that EU was using US cloud in the first place for many reasons ranging from technical to cost to privacy but they just keep blundering on.

Ron Wyden asks for rules about knowing whether you own your digital purchases

Sen. Ron Wyden (D-OR) has sent a letter to Federal Trade Commission (FTC) chair Andrew Ferguson urging the FTC to require that companies admit when you’re not really buying an ebook or video game.

Wyden’s letter, shared with The Verge, requests guidance to “ensure that consumers who purchase or license digital goods can make informed decisions and understand what ownership rights they are obtaining.”

Wyden wants the guidance to include how long a license lasts, what circumstances might expire or revoke the license, and if a consumer can transfer or resell the license. The letter also calls for the information “before and at the point of sale” in a way that’s easily understandable. “To put it simply, prior to agreeing to any transaction, consumers should understand what they are paying for and what is guaranteed after the sale,” Wyden says.

[…]

Source: Ron Wyden asks for rules about whether you own your digital purchases | The Verge

You Should Download Your Kindle E-Books Now, Before It’s Too Late

This week, Amazon is eliminating the “Download & Transfer via USB” option for Kindle users. If you own a vast library and hope to take your reading elsewhere, this may be your last opportunity.

Amazon has stated in a note on users’ library management page that, starting Wednesday, Feb. 26, it was eliminating “Download & Transfer via USB.” All Kindle e-book owners will be restricted to downloading Kindle books via WiFi. The former option was one of the last loopholes readers could use to take their proprietary Kindle format e-books off Amazon’s closed ecosystem. This deposited files in the AZW3 format, and there are more tricks for disabling DRM with those files than with the more modern KFX format. The USB download option also backed up Kindle books in case something happened to your device or your Amazon account.

There are a growing number of non-Amazon e-book brands, like Bookshop.org, but the issue is Amazon uses its market dominance to source exclusive deals, both in audiobooks and e-books. Considering that, we suggest you do your best to download your current library before it’s too late. If you want to send your e-book library to your computer, go to Amazon first, then click Accounts & Lists. Scroll to Content Library, then click on Books. Click on the “More actions” option for the book you want to download, then select the Download & transfer via USB button.

When they’re downloaded to your PC, you may be able to convert them to other viable reading formats. “Download & Transfer via USB” is a known hack in the Kindle community, used to remove the DRM locks on some older e-book formats. So, if you want to lend your friend an e-book like you would any paperback, this was one of the few ways to do so without dealing with Amazon’s arcane subscription infrastructure.

[…]

As the Kindle terms of service make it clear, owning any Kindle content means you own a “license” for that e-book, not the e-book itself. You only have a right to view the content “solely through Kindle software” and only on “supported devices specified in the Kindle store.” Some open-source apps like Calibre can read most e-book formats, and if you download your books now, you can use them to read your Kindle library without Amazon’s blessing.

That’s why we suggest you also check Libby, a library app that connects with local libraries and allows you to get in line to download and read e-books for a set period (and yes, this does support your local library). Don’t forget to check out Project Gutenberg if you’re trying to find a classic title in EPUB format. If all you want is DRM-free literature, try e-Books.com.

Source: You Should Download Your Kindle E-Books Now, Before It’s Too Late

Under: You don’t own what you buy.

DIY Open-Source Star Tracker Gets You Those Great Night Shots, can also be bought

What does one do when frustrated at the lack of affordable, open source portable trackers? If you’re [OG-star-tech], you design your own and give it modular features that rival commercial offerings while you’re at it.

What’s a star tracker? It’s a method of determining position based on visible stars, but when it comes to astrophotography the term refers to a sort of hardware-assisted camera holder that helps one capture stable long-exposure images. This is done by moving the camera in such a way as to cancel out the effects of the Earth’s rotation. The result is long-exposure photographs without the stars smearing themselves across the image.

Interested? Learn more about the design by casting an eye over the bill of materials at the GitHub repository, browsing the 3D-printable parts, and maybe check out the assembly guide. If you like what you see, [OG-star-tech] says you should be able to build your own very affordably if you don’t mind 3D printing parts in ASA or ABS. Prefer to buy a kit or an assembled unit? [OG-star-tech] offers them for sale.

Frustration with commercial offerings (or lack thereof) is a powerful motive to design something or contribute to an existing project, and if it leads to more people enjoying taking photos of the night sky and all the wonderful things in it, so much the better.

Source: DIY Open-Source Star Tracker Gets You Those Great Night Shots | Hackaday

Google pulls plug on Ad blockers such as uBlock Origin by killing Manifest v2

Google’s purge of Manifest v2-based extensions from its Chrome browser is underway, as many users over the past few days may have noticed.

Popular content-blocking add-on (v2-based) uBlock Origin is now automatically disabled for many in the ubiquitous browser as it continues the V3 rollout.

[…]

According to the company, Google’s decision to shift to V3 is all in the name of improving its browser’s security, privacy, and performance. However, the transition to the new specification also means that some extensions will struggle due to limitations in the new API.

In September 2024, the team behind uBlock Origin noted that one of the most significant changes was around the webRequest API, used to intercept and modify network requests. Extensions such as uBlock Origin extensively use the API to block unwanted content before it loads.

[…]

Ad-blockers and privacy tools are the worst hit by the changes, and affected users – because let’s face it, most Chrome users won’t be using an ad-blocker – can switch to an alternative browser for something like the original experience, or they can switch to a different extension which is unlikely to have the same capabilities.

In its post, uBlock recommends a move to Firefox and use of the extension uBlock Origin, a switch to a browser that will support Manifest v2

[…]

Source: Google continues pulling the plug on Manifest v2 • The Register

Generative AI’s Impact on Cybersecurity – Q&A With an Expert

In the ever-evolving landscape of cybersecurity, the integration of generative AI has become a pivotal point of discussion. To delve deeper into this groundbreaking technology and its impact on cybersecurity, we turn to renowned cybersecurity expert Jeremiah Fowler. In this exclusive Q&A session with vpnMentor, Fowler sheds light on the critical role that generative AI plays in safeguarding digital environments against evolving threats.

[…]

Not long ago, it was far easier to identify a phishing attempt, but now that they have AI at their disposal, criminals can personalize their social engineering attempts using realistic identities, well-written content, or even deepfake audio and video. And, as AI models become more intelligent, it will become even harder to distinguish human- from AI-generated content, making it harder for potential victims to detect a scheme.

[…]

There are numerous examples of generative AI being used in recent cyberattacks. The Voice of SecOps report released by Deep Instinct found that 75% of security professionals surveyed saw an increase in cyberattacks in 2023, and that 85% of all attacks that year were powered by generative AI.

[…]

Currently, several malicious generative AI solutions are available on the Dark Web. Two examples of malicious AI tools designed for cybercriminals to create and automate fraudulent activities are FraudGPT and WormGPT. These tools can be used by criminals to easily conduct realistic phishing attacks, carry out scams, or generate malicious code. FraudGPT specializes in generating deceptive content while WormGPT focuses on creating malware and automating hacking attempts.

These tools are extremely dangerous and pose a very serious risk because they allow unskilled criminals with little or no technical knowledge to launch highly sophisticated cyberattacks. With a few command prompts, perpetrators can easily increase the scale, effectiveness, and success rate of their cybercrimes.

[…]

According to the 2023 Microsoft Digital Defense Report, researchers identified several cases where state actors attempted to access and use Microsoft’s AI technology for malicious purposes. These actors were associated with various countries, including Russia, China, Iran, and North Korea. Ironically, each of these countries has strict regulations governing cyberspace, and it would be highly unlikely to conduct large-scale attacks without some level of government oversight. The report noted that malicious actors used generative AI models for a wide range of activities such as spear-phishing, hacking, phishing emails, investigating satellite and radar technologies, and targeting U.S. defense contractors.

Hybrid disinformation campaigns — where state actors or civilian groups combine humans and AI to create division and conflict — have also become a serious risk. There is no better example of this than the Russian troll farms. […]

Earlier this year, fake X (formerly Twitter) accounts — which were actually Russian bots pretending to be real people from the U.S. — were programmed to post pro-Trump content generated by ChatGPT. The whole thing came to a head in June 2024, when the pre-programmed posts started reflecting error messages due to lack of payment.

 

This screenshot shows a translated tweet from X indicating that a bot using ChatGPT was out of credits.

A few months later, the U.S. Department of Justice announced that Russian state media had been paying American far-right social media influencers as much as 10 million USD to echo narratives and messages from the Kremlin in yet another hybrid disinformation campaign.

[…]

The trepidation regarding AI’s role in creating security threats is very real, but some time-tested advice is still valid — keeping software updated, applying patches where needed, and having endpoint security for all connected devices can go a long way. However, as AI becomes more advanced, it will likely make it easier for criminals to identify and exploit more complex vulnerabilities. So, I highly recommend implementing network segmentation too — by isolating individual sections, organizations can effectively limit the spread of malware or restrict unauthorized access to the entire network.

Ultimately, the most important thing is to have continuous monitoring and investigate all suspicious activity.

[…]

One recent example of self-evolving malware that uses AI to constantly rewrite its code is called “BlackMamba”. This is a proof of concept AI-enhanced malware. It was created by researchers from HYAS Labs to test how far it can go. BlackMamba was able to avoid being identified by most sophisticated cybersecurity products, including the leading EDR (Endpoint Detection and Response).

Generative AI is also being used to enhance evasion techniques or generate malicious content. For example, Microsoft researchers were able to get nearly every major AI model to bypass their own restrictions for creating harmful or illegal content. In June 2024, Microsoft published details about what they named “Skeleton Key” — a multi-step process that eventually gets the AI model to provide prohibited content. Additionally, AI-generated tools can bypass traditional cybersecurity defenses (like CAPTCHA) that are intended to filter bot traffic so that (theoretically) only humans can access accounts or content.

Criminals are also using Generative AI to enhance their phishing and social engineering scams.

[…]

The most well-known case to date happened in Hong Kong in early 2024. Criminals used deepfake technology to create a video showing a company’s CEO requesting the CFO to transfer $24.6 million USD. Since there was nothing that suggested that the video was not authentic, the CFO unknowingly transferred the money to the criminals.

[…]

Although AI cannot — and should not — fully replace the human role in the incident response process, it can assist by automating detection, triage, containment, and recovery tasks. Any tools or actions that help reduce response times will also limit the damage caused by cyber incidents. Organizations should integrate these technologies into their security operations and be prepared for AI-enhanced cyberthreats because it is no longer a matter of “if it happens” but “when it happens”.

Generative AI can help cybersecurity by creating realistic risk scenarios for both training and penetration testing.

[…]

What are the future risks of AI providers having vulnerabilities or data exposures?

According to researchers at Wiz, they found 2 non-password protected databases that contained just under 1 million records. AI models will generate a massive amount of data and that needs to be stored somewhere. It makes sense that you would have a database full of learning content, monitoring and error logs, and chat responses; theoretically this should have been segregated from the administrative production environment or have additional access controls to prevent an unauthorized intrusion. This vulnerability allowed researchers to access administrative and operational data and the fact that anyone with an Internet connection could have potentially manipulated commands or code scripts should be a major concern to the DeepSeek organization and its users. Additionally, exposing secret keys or other internal access credentials is an open invitation for disaster and what I would consider a worst-case scenario. This is a prime example of how important it will be for AI developers to secure and protect the data of their users and the internal backend code of their products.

[…]

Source: Generative AI’s Impact on Cybersecurity – Q&A With an Expert

Bybit Loses $1.5B in Hack of single cold wallet

Cryptocurrency exchange Bybit has experienced $1.46 billion worth of “suspicious outflows,” according to blockchain sleuth ZachXBT.

The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far.

[…]

Bybit CEO Ben Zhou wrote on X that a hacker “took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.”

“Please rest assured that all other cold wallets are secure. All withdrawals are normal,” he added.

“My sources confirm it’s a security incident,” ZachXBT added on Telegram.

$1.46 billion would equate to the largest cryptocurrency hack of all time in dollar terms, with $470 million being lost in the Mt Gox Hack, $530 million in the 2018 hack of CoinCheck, and $650 million in the Ronin Bridge exploit.

BTC and ETH dropped more than 1.5% and 2%, respectively, following the transfers.

Source: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms

So we find out a few things:

Bybit security staff are absolute idiots:

  • keeping that amount of currency in ONE wallet
  • having that wallet connected to the internet

These guys are rolling in so much money they are like a small country and can cover losses like these quite easily.

Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law enforcement to access the cloud data of any iPhone user around the world under the guise of national security.

[…]

Following Apple’s decision to pull E2E cloud encryption from the UK, the company on Friday told Bloomberg that “enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before” and that it “remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”

The UK order asked Apple for access to global user data under the country’s Investigatory Powers Act, a law that grants officials the authority to compel companies to remove encryption under a “technical capability notice.”

[…]

“Security officials asked not only that Apple allow the UK government access to UK residents’ encrypted cloud storage, but that the UK government get access to any Apple user’s encrypted cloud storage,” said David Ruiz, an online privacy expert at Malwarebytes. “To demand access to the world’s data is such a brazen, imperialist maneuver that I’m surprised it hasn’t come from, well, honestly, the US. This may embolden other countries, particularly those in the ‘Five Eyes,’ to make a similar demand of Apple.” Ruiz questioned what this means for the UK’s privacy guarantees with the US.

Law enforcement is always looking for new ways to conduct surveillance under the guise of protecting the public—Edward Snowden famously revealed a dragnet of surveillance created after 9/11 that pulled in data on individuals domestic and abroad. But once the genie is taken out of the proverbial bottle, it is hard to put it back, and the capabilities can end up in the wrong hands. Police already have access to plenty of investigative powers, privacy advocates say, and the public should be very cautious about giving them more that could be ripe for abuse.

[…]

With today’s move, Apple is essentially saying that it would rather pull the E2E encryption altogether and inform customers they will be less safe, rather than build an open door for the UK government. It is a shrewd, gigachad move by Apple even though consumers there will no longer have the same amount of security as others around the globe. iCloud encryption is important as the service has in the past been a target of hackers who penetrated the accounts of celebrities to steal their nudes and post them online in a scandal that was called “the Fappening.”

[…]

Source: Apple Says ‘No’ to UK Backdoor Order, Will Disable E2E Cloud Encryption Instead

So, no security or privacy for those in the UK then.

External Li supply reshapes Li deficiency and lifetime limit of batteries

Lithium (Li) ions are central to the energy storing functionality of rechargeable batteries [1]. Present technology relies on sophisticated Li-inclusive electrode materials to provide Li ions and exactingly protect them to ensure a decent lifetime [2]. Li-deficient materials are thus excluded from battery design, and the battery fails when active Li ions are consumed [3]. Our study breaks this limit by means of a cell-level Li supply strategy. This involves externally adding an organic Li salt into an assembled cell, which decomposes during cell formation, liberating Li ions and expelling organic ligands as gases. This non-invasive and rapid process preserves cell integrity without necessitating disassembly.

[…]

As a proof-of-concept, we demonstrated a 3.0 V, 1,192 Wh kg⁻¹ Li-free cathode, chromium oxide, in the anode-less cell, as well as an organic sulfurized polyacrylonitrile cathode incorporated in a 388 Wh kg⁻¹ pouch cell with a 440-cycle life. These systems exhibit improved energy density, enhanced sustainability and reduced cost compared with conventional Li-ion batteries. Furthermore, the lifetime of commercial LiFePO₄ batteries was extended by at least an order of magnitude. With repeated external Li supplies, a commercial graphite|LiFePO₄ cell displayed a capacity retention of 96.0% after 11,818 cycles.

Source: External Li supply reshapes Li deficiency and lifetime limit of batteries | Nature

HP buys Humane’s AI pins, will brick them in 10 days. Like with their VR hardware, HP likes turning hardware into sustainable junk.

AI hardware startup Humane has given its users just ten (10!) days notice that their Pins will be disconnected. In a note to its customers, the company said AI Pins will “continue to function normally” until 12PM PT on February 28. On that date, users will lose access to essentially all of their device’s features, including but not limited to calling, messaging, AI queries and cloud access. The FAQ does note that you’ll still be able to check on your battery life, though.

Humane is encouraging its users to download any stored data before February 28, as it plans on permanently deleting “all remaining customer data” at the same time as switching its servers off.

[…]

Today’s discontinuation announcement was brought about by the acquisition of Humane by HP, which is buying the company’s intellectual property for $116 million but clearly has no interest in its current hardware business

[…]

Source: All of Humane’s AI pins will stop working in 10 days

GameStop CEO Scapegoats DEI for Company Troubles. So much for diamondhands then.

GameStop CEO Ryan Cohen took to X on Tuesday to blame wokeness and DEI for the retail chain’s impending exit from Canada and France. The company, which managed to survive the pandemic thanks to the infamous memestock frenzy, has closed more than 700 stores since 2020 as more game distribution moves digital.

In a release, GameStop said that “as part of an evaluation of its international assets,” the company, “intends to pursue a sale of its operations in France and Canada.” Shortly thereafter, Cohen took to X with his comments on “wokeness” and “DEI.”

“Email M&A@gamestop.com if you’re interested in buying GameStop Canada or Micromania France,” Cohen wrote. “High taxes, Liberalism, Socialism, Progressivism, Wokeness, and DEI included at no additional cost if you buy today.”

[…]

Source: GameStop CEO Scapegoats DEI for Company Troubles

Microcomb chips help pave the way for thousand times more accurate GPS systems

Today, our mobile phones, computers, and GPS systems can give us very accurate time indications and positioning thanks to the over 400 atomic clocks worldwide. All sorts of clocks — be it mechanical, atomic or a smartwatch — are made of two parts: an oscillator and a counter. The oscillator provides a periodic variation of some known frequency over time while the counter counts the number of cycles of the oscillator. Atomic clocks count the oscillations of vibrating atoms that switch between two energy states with very precise frequency.

Most atomic clocks use microwave frequencies to induce these energy oscillations in atoms. In recent years, researchers in the field have explored the possibility of using laser instead to induce oscillations optically. Just like a ruler with a great number of ticks per centimeter, optical atomic clocks make it possible to divide a second into even more time fractions, resulting in thousands of times more accurate time and position indications.

“Today’s atomic clocks enable GPS systems with a positional accuracy of a few meters. With an optical atomic clock, you may achieve a precision of just a few centimeters.

[…]

The core of the new technology, described in a recently published research article in Nature Photonics, are small, chip-based devices called microcombs. Like the teeth of a comb, microcombs can generate a spectrum of evenly distributed light frequencies.

“This allows one of the comb frequencies to be locked to a laser frequency that is in turn locked to the atomic clock oscillation,” says Minghao Qi.

[…]

the minimal size of the microcomb makes it possible to shrink the atomic clock system significantly while maintaining its extraordinary precision,”

[…]

Another major obstacle has been achieving simultaneously the “self-reference” needed for the stability of the overall system and aligning the microcomb’s frequencies exactly with the atomic clock’s signals.

“It turns out that one microcomb is not sufficient, and we managed to solve the problem by pairing two microcombs, whose comb spacings, i.e. frequency interval between adjacent teeth, are close but with a small offset, e.g. 20 GHz. This 20 GHz offset frequency will serve as the clock signal that is electronically detectable. In this way, we could get the system to transfer the exact time signal from an atomic clock to a more accessible radio frequency,”

[…]

“Photonic integration technology makes it possible to integrate the optical components of optical atomic clocks, such as frequency combs, atomic sources and lasers, on tiny photonic chips in micrometer to millimeter sizes, significantly reducing the size and weight of the system,” says Dr. Kaiyi Wu.

The innovation could pave the way for mass production, making optical atomic clocks more affordable and accessible for a range of applications in society and science. The system that is required to “count” the cycles of an optical frequency requires many components besides the microcombs, such as modulators, detectors and optical amplifiers. This study solves an important problem and shows a new architecture, but the next steps are to bring all the elements necessary to create a full system on a chip.

[…]

Source: Microcomb chips help pave the way for thousand times more accurate GPS systems | ScienceDaily