LG has a Fully Transparent TV

LG announced a new transparent TV at the Consumer Electronics Show in Las Vegas this week. Gizmodo’s staff got to check it out in person, and it’s gorgeous. LG claims this is the world’s first wireless transparent OLED TV and is calling it the Signature OLED T (T for transparent).

The OLED T is merely a transparent panel that plays your content without invading your space with a large, black, obtrusive screen. LG argues that this will help create an illusion of your room looking larger than it would with a regular screen. And in our team's brief experience with the product, that's true. The sense of openness that would come from not having a huge, dark blob in the room is one of the coolest things about this TV.

The LG OLED T is a massive 77 inches. But when it’s turned off, it simply blends with the environment and makes you forget it’s even there. In fact, that’s one of the reasons why you can place it anywhere you want, unlike a traditional TV that typically has to go in front of a wall. The OLED T can even be placed in front of a window without obstructing your view. The TV is fully wireless, so you don’t have to worry about sockets, either. The Zero Connect Box that the TV ships with also doesn’t need any wires between itself and the screen.

[…]

As for pricing, all LG told Gizmodo was that it will be “very expensive”.

Source: LG Just Announced a Fully Transparent TV

Biophotons: Are lentils communicating using quantum light messages?

[…]

Curceanu hopes the apparatus and methods of nuclear physics can solve the century-old mystery of why lentils – and other organisms too – constantly emit an extremely weak dribble of photons, or particles of light. Some reckon these “biophotons” are of no consequence. Others insist they are a subtle form of lentil communication. Curceanu leans towards the latter camp – and she has a hunch that the pulses between the pulses might even contain secret quantum signals. “These are only the first steps, but it looks extremely interesting,” she says.

There are already hints that living things make use of quantum phenomena, with inconclusive evidence that they feature in photosynthesis and the way birds navigate, among other things. But lentils, not known for their complex behaviour, would be the most startling example yet of quantum biology, says Michal Cifra at the Czech Academy of Sciences in Prague. “It would be amazing,” says Cifra. “If it’s true.” Since so many organisms emit biophotons, such a discovery might indicate that quantum effects are ubiquitous in nature.

Biophotons

Biophotons have had scientists stumped for precisely a century. In 1923, biologist Alexander Gurwitsch was studying how plant cells divide by placing onion roots near each other. The closer the roots were, the more cell division occurred, suggesting there was some signal alerting the roots to their neighbour’s presence.

[…]

To tease out how the onion roots were signalling, Gurwitsch repeated the experiment with all manner of physical barriers between the roots. Wood, metal, glass and even gelatine dampened cell division to the same level seen in single onion roots. But, to Gurwitsch’s surprise, a quartz divider had no effect. Compared to glass, quartz allows far more ultraviolet rays to pass through. Some kind of weak emission of UV radiation, he concluded, must be responsible.

[…]

Living organisms have long been known to communicate using light. Jellyfish, mushrooms and fireflies, to name just a few, glow or emit bright flashes to ward off enemies or attract a mate. But these obvious signals, known as bioluminescence, are different to the effect Gurwitsch had unearthed. Biophotons are “a very low-intensity light, not visible to the naked eye”, says Curceanu’s collaborator Maurizio Benfatto. In fact, biophotons were so weak that it took until 1954 to develop equipment sensitive enough to decisively confirm Gurwitsch’s idea.

Since then, dozens of research groups have reported cases of biophoton emission having a useful function in plants and even animals. Like onion roots, yeast cells are known to influence the growth rate of their neighbours. And in 2022, Zsolt Pónya and Katalin Somfalvi-Tóth at the University of Kaposvár in Hungary observed biophotons being emitted by sunflowers when they were put under stress, which the researchers hoped to use to precisely monitor these crops. Elsewhere, a review carried out by Roeland Van Wijk and Eduard Van Wijk, now at the research company MELUNA in the Netherlands, suggested that biophotons may play a role in various human health conditions, from ageing to acne.

There is a simple explanation for how biophotons are created, too. During normal metabolism, chemical reactions in cells end up converting biomolecules to what researchers call an excited state, where electrons are elevated to higher energy levels. Those electrons then naturally drop to their ground state and emit a photon in the process. Because germinating seeds, like lentils, burn energy quickly to grow, they emit more biophotons.

Today, no one doubts that biophotons exist. Rather, the dispute is over whether lentils and other organisms have harnessed biophotons in a useful way.

[…]

We know that plants communicate using chemicals and sometimes even emit ultrasonic squeaks when stressed. This allows them to control their growth, warn each other about invading insects and attract pollinators. We also know they have ways of detecting and responding to photons in the form of regular sunlight. “Biological systems can detect photons and have feedback loops based on that,”

[…]

Curceanu and Benfatto are hoping that the application of serious physics equipment to this problem could finally let us eavesdrop on the legume’s secrets. They typically use supersensitive detectors to probe the foundations of reality. Now, they are applying these to a box of 75 lentil seeds – they need that many because if they used any fewer, the biophoton signals would be too weak.

[…]

Years ago, Benfatto came across a paper on biophotons and noticed there appeared to be patterns in the way they were produced. The intensity would swell, then fall away, almost like music. This gave him the idea of applying a method from physics called diffusion entropy analysis to investigate these patterns. The method provides a means of characterising the mathematical structures that underlie complex patterns. Imagine comparing a simple drumbeat with the melody of a pop song, for example – the method Benfatto wanted to apply could quantify the complexity embodied in each.

To apply this to the lentils, Benfatto, Curceanu and their colleagues put their seeds in a black box that shielded them from interference. Outside the box, they mounted an instrument capable of detecting single biophotons. They also had rotating filters that allowed them to detect photons with different wavelengths. All that remained was to set the lentils growing. “We add water and then we wait,” says Benfatto.

In 2021, they unveiled their initial findings. It turned out that the biophotons’ signals changed significantly during the lentils’ germination. During the first phase, the photons were emitted in a pattern that repeatedly reset, like a piece of music changing tempo. Then, during the second phase, the emissions took the form of another kind of complex pattern called fractional Brownian motion.

Image: the experimental setup used for the paper “Biophotons and Emergence of Quantum Coherence – A Diffusion Entropy Analysis” (photograph provided by Catalina Oana Curceanu). Caption: Are these germinating lentils communicating in quantum code? Credit: Catalina Curceanu

The fact that the lentils’ biophoton emissions aren’t random is an indication that they could be communicating, says Benfatto. And that’s not all. Tantalisingly, the complexity in the second phase of the emissions is mathematically related to the equations of quantum mechanics. For this reason, Benfatto says his team’s work hints that signals displaying quantum coherence could have a role in directing lentil germination.

[…]

Part of the problem with designing experiments like these is that we don’t really know what quantum mechanical effects in living organisms look like. Any quantum effects discovered in lentils and other organisms would be “very different to textbook quantum mechanics”, says Scholes.

[…]

so far, the evidence for quantum lentils is sketchy. Still, he is pushing ahead with a new experimental design that makes the signal-to-noise ratio 100 times better. If you want to earwig on the clandestine whispers of these seeds, it might just help to get rid of their noisy neighbours, which is why he will study one germinating lentil at a time.

Source: Biophotons: Are lentils sending secret quantum messages? | New Scientist

Google password resets not enough to stop malware that recreates login tokens

A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a victim’s account even after the password is changed. It can also be used to generate new session tokens to regain access to victims’ emails, cloud storage, and more as necessary.

Since then, developers of info-stealer malware – primarily targeting Windows, it seems – have steadily implemented the exploit in their code. The total number of known malware families that abuse the vulnerability stands at six, including Lumma and Rhadamanthys, while Eternity Stealer is also working on an update to release in the near future.

They’re called info stealers because once they’re running on some poor sap’s computer, they go to work finding sensitive information – such as remote desktop credentials, website cookies, and cryptowallets – on the local host and leaking them to remote servers run by miscreants.

Eggheads at CloudSEK say they found the root of the Google account exploit to be in the undocumented Google OAuth endpoint “MultiLogin.”

The exploit revolves around stealing victims’ session tokens. That is to say, malware first infects a person’s PC – typically via a malicious spam or a dodgy download, etc – and then scours the machine for, among other things, web browser session cookies that can be used to log into accounts.

Those session tokens are then exfiltrated to the malware's operators to enter and hijack those accounts. It turns out that these tokens can still be used to log in even if the user realizes they've been compromised and changes their Google password.

Here’s an important part: It appears users who’ve had their cookies stolen should log out entirely, and thus invalidate their session tokens, to prevent exploitation.

[…]

Reverse engineering the info-stealer malware revealed that the account IDs and auth-login tokens from logged-in Google accounts are taken from the token_service table of WebData in Chrome.

This table contains two columns crucial to the exploit’s functionality: service (contains a GAIA ID) and encrypted_token. The latter is decrypted using a key stored in Chrome’s Local State file, which resides in the UserData directory.

The stolen token:GAIA ID pairs can then be used together with MultiLogin to continually regenerate Google service cookies even after passwords have been reset, and those can be used to log in.

[…]

Google has confirmed that if you’ve had your session tokens stolen by local malware, don’t just change your password: log out to invalidate those cookies, and/or revoke access to compromised devices.
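The password-reset point above is a general session-management lesson, not something specific to Google: a server that only checks whether a session token exists will keep honouring a stolen token after the password changes, while a server that ties each token to a credential generation (or simply drops every session on an explicit sign-out) will not. The following toy session store is an added illustration written for this page; it is not Google's, Chrome's or any real service's code, the class and function names are invented, and the hashing is deliberately simplified.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Added, constructed illustration: two session-store designs compared on one question,
# "does a token captured before a password reset still work after it?"
# Not Google's, Chrome's or any real service's implementation.


@dataclass
class Account:
    password_hash: bytes
    credential_version: int = 0                          # bumped on each password change
    sessions: Dict[str, int] = field(default_factory=dict)  # token -> credential_version at issue


def _hash(password: str) -> bytes:
    # Plain SHA-256 keeps the toy short; a real service would use a slow, salted KDF.
    return hashlib.sha256(password.encode()).digest()


class WeakSessionStore:
    """Sessions are validated only by existence, so they outlive a password reset."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        self.accounts[user] = Account(password_hash=_hash(password))

    def login(self, user: str, password: str) -> Optional[str]:
        acct = self.accounts[user]
        if acct.password_hash != _hash(password):
            return None
        token = secrets.token_urlsafe(32)
        acct.sessions[token] = acct.credential_version
        return token

    def change_password(self, user: str, new_password: str) -> None:
        # Only the hash changes; every existing session stays valid.
        self.accounts[user].password_hash = _hash(new_password)

    def is_valid(self, user: str, token: str) -> bool:
        return token in self.accounts[user].sessions

    def logout_everywhere(self, user: str) -> None:
        # The explicit sign-out the article recommends: every issued token is dropped.
        self.accounts[user].sessions.clear()


class HardenedSessionStore(WeakSessionStore):
    """A password change bumps credential_version; tokens issued under an older version are rejected."""

    def change_password(self, user: str, new_password: str) -> None:
        acct = self.accounts[user]
        acct.password_hash = _hash(new_password)
        acct.credential_version += 1

    def is_valid(self, user: str, token: str) -> bool:
        acct = self.accounts[user]
        return acct.sessions.get(token) == acct.credential_version


def stolen_token_survives_reset(store_cls) -> bool:
    """Simulate the article's scenario: token captured, victim resets password, token replayed."""
    store = store_cls()
    store.register("victim", "old-password")
    stolen = store.login("victim", "old-password")
    store.change_password("victim", "new-password")
    return store.is_valid("victim", stolen)


if __name__ == "__main__":
    print("weak store, token valid after reset:", stolen_token_survives_reset(WeakSessionStore))
    print("hardened store, token valid after reset:", stolen_token_survives_reset(HardenedSessionStore))
```

The hardened variant is the design choice that makes "change your password" sufficient on its own; with the weak variant, only `logout_everywhere` (the sign-out-of-all-sessions the article advises) or per-device revocation closes the window.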

[…]

Source: Google password resets not enough to stop this malware • The Register

23andMe tells victims it’s their fault that their data was breached. DNA data, it turns out, is extremely sensitive!

Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch.

“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers.

The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.

From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because those victims had opted in to 23andMe's DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.

In other words, by hacking into only 14,000 customers’ accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked.

But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.”

“Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the letter reads.

Zavareei said that 23andMe is “shamelessly” blaming the victims of the data breach.

[…]

“The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords. Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe’s attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever,” said Zavareei.

[…]

In an attempt to pre-empt the inevitable class action lawsuits and mass arbitration claims, 23andMe changed its terms of service to make it more difficult for victims to band together when filing a legal claim against the company. Lawyers with experience representing data breach victims told TechCrunch that the changes were “cynical,” “self-serving” and “a desperate attempt” to protect itself and deter customers from going after the company.

Clearly, the changes didn’t stop what is now a flurry of class action lawsuits.

Source: 23andMe tells victims it’s their fault that their data was breached | TechCrunch

Twitch Is Being American Strange and Bans Implied Nakedness In Response To ‘Nudity Meta’

As December 2023 was underway, some streamers cleverly thought to play around with Twitch’s restrictions around nudity, broadcasting in such a fashion that implied they were completely naked on camera. Twitch, in response, began banning folks before shifting gears to allow various forms of “artistic nudity” to proliferate on the platform. However, after immediately rescinding the decision and expressing that being naked while livestreaming is a no-no, the company is now making it clear that implied nudity is also forbidden, and that anyone who tries to circumvent the rules will face disciplinary action.

In a January 3 blog post, the company laid out the new guidelines regarding implied nudity on the platform, which is now prohibited effective immediately. Anyone who shows skin that the rules deem should be covered—think genitals, nipples “for those who present as women,” and the like—will face “an enforcement action,” though Twitch didn’t specify what that means. So, if you’re wearing sheer or partially see-through clothing, or use black bars to cover your private parts, then you’re more than likely to get hit with some sort of discipline.

“We don’t permit streamers to be fully or partially nude, including exposing genitals or buttocks. Nor do we permit streamers to imply or suggest that they are fully or partially nude, including, but not limited to, covering breasts or genitals with objects or censor bars,” the company said in the blog post. “We do not permit the visible outline of genitals, even when covered. Broadcasting nude or partially nude minors is always prohibited, regardless of context. For those who present as women, we ask that you cover your nipples and do not expose underbust. Cleavage is unrestricted as long as these coverage requirements are met and it is clear that the streamer is wearing clothing. For all streamers, you must cover the area extending from your hips to the bottom of your pelvis and buttocks.”

[…]

At the beginning of December, some streamers, including Morgpie and LivStixs, began broadcasting in what appeared to be the complete nude. In actuality, these content creators were implying nudity by positioning their cameras at the right angle so as to show plenty of unobscured cleavage but keep nipples out of sight. “Artistic nudity” is what it was called and, as the meta took over the platform, Twitch conceded, allowing such nakedness to proliferate all over livestreams.

[…]

Company CEO Dan Clancy said on December 15 that “depictions of real or fictional nudity won’t be allowed on Twitch, regardless of the medium.” He also apologized for the confusion this whole situation has caused, saying that part of Twitch’s job is “to make adjustments that serve the community.” So be careful, streamers. If you show up nude on the platform, Twitch will come for you.

Source: Twitch Bans Implied Nakedness In Response To ‘Nudity Meta’

What is wrong with these people?! If you don’t want to see (almost) nudity, you can always just change channel!

Generative AI Will Be A Huge Boon For The Public Domain, Unless Copyright Blocks It

Image: two people holding hands watching a PC screen; on the screen a robot is painting a digitised Bob Ross painting.

A year ago, I noted that many of Walled Culture's illustrations were being produced using generative AI. During that time, AI has developed rapidly. For example, in the field of images, OpenAI has introduced DALL-E 3 in ChatGPT:

When prompted with an idea, ChatGPT will automatically generate tailored, detailed prompts for DALL·E 3 that bring your idea to life. If you like a particular image, but it’s not quite right, you can ask ChatGPT to make tweaks with just a few words.

Ars Technica has written a good intro to the new DALL-E 3, describing it as “a wake-up call for visual artists” in terms of its advanced capabilities. The article naturally touches on the current situation regarding copyright for these creations:

In the United States, purely AI-generated art cannot currently be copyrighted and exists in the public domain. It’s not cut and dried, though, because the US Copyright Office has supported the idea of allowing copyright protection for AI-generated artwork that has been appreciably altered by humans or incorporated into a larger work.

The article goes on to explore an interesting aspect of that situation:

there’s suddenly a huge new pool of public domain media to work with, and it’s often “open source”—as in, many people share the prompts and recipes used to create the artworks so that others can replicate and build on them. That spirit of sharing has been behind the popularity of the Midjourney community on Discord, for example, where people typically freely see each other’s prompts.

When several mesmerizing AI-generated spiral images went viral in September, the AI art community on Reddit quickly built off of the trend since the originator detailed his workflow publicly. People created their own variations and simplified the tools used in creating the optical illusions. It was a good example of what the future of an “open source creative media” or “open source generative media” landscape might look like (to play with a few terms).

There are two important points there. First, that the current, admittedly tentative, status of generative AI creations as being outside the copyright system means that many of them, perhaps most, are available for anyone to use in any way. Generative AI could drive a massive expansion of the public domain, acting as a welcome antidote to constant attempts to enclose the public domain by re-imposing copyright on older works – for example, as attempted by galleries and museums.

The second point is that without the shackles of copyright, these creations can form the basis of collaborative works among artists willing to embrace that approach, and to work with this new technology in new ways. That’s a really exciting possibility that has been hard to implement without recourse to legal approaches like Creative Commons. Although the intention there is laudable, most people don’t really want to worry about the finer points of licensing – not least out of fear that they might get it wrong, and be sued by the famously litigious copyright industry.

A situation in which generative AI creations are unequivocally in the public domain could unleash a flood of pent-up creativity. Unfortunately, as the Ars Technica article rightly points out, the status of AI-generated artworks is already slightly unclear. We can expect the copyright world to push hard to exploit that opening, and to demand that everything created by computers should be locked down under copyright for decades, just as human inspiration generally is from the moment it is in a fixed form. Artists should enjoy this new freedom to explore and build on generative AI images while they can – it may not last.

Source: Generative AI Will Be A Huge Boon For The Public Domain, Unless Copyright Blocks It | Techdirt

Developing An App For Reduced-Gravity Flying

You've likely heard of the "vomit comet" — a rather graphic nickname for the aircraft used to provide short bursts of near-weightlessness by flying along a parabolic trajectory. They're used to train astronauts, perform zero-g experiments, and famously let director Ron Howard create the realistic spaceflight scenes for Apollo 13. But you might be surprised to find that, outside of the padding that lines their interior for when the occupants inevitably bump into the walls or ceiling, they aren't quite as specialized as you might think.

In fact, you can achieve a similar result in a small private aircraft — assuming you’ve got the proper touch on the controls. Which is why [Chaz] has been working on an Android app that assists pilots in finding that sweet spot.

Target trajectory, credit: MikeRun

With his software running, the pilot first puts the plane into a climb, and then noses over and attempts to keep the indicator on the phone’s display green for as long as possible. It’s not easy, but in the video after the break you can see they’re able to pull it off for long enough to get things floating around the cockpit.


As [Chaz] explains, the app is basically a G-force indicator with some UI features that are designed to help the pilot keep the plane in the proper attitude to provide the sensation of weightlessness. It takes the values from the phone’s accelerometers, does the appropriate math, and changes the color of the display as the computed G-force approaches 0.

If the pilot is able to bring it under 0.1, the phone will play an audio cue. Though the fact that any loose objects that were in the cockpit will be floating around should also provide a pretty good indicator around this point.
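The computation the two paragraphs above describe is small enough to show end to end: take the phone's three accelerometer axes, turn the vector magnitude into a load factor in g, map it to a colour, and fire the cue below 0.1 g. The Python below is an added example written for this page, not [Chaz]'s App Inventor project; the 0.1 g cue threshold comes from the post, while the 0.2 g "green" band, the 0.5 g "yellow" band, the function names and the sample trace are all assumptions made here.

```python
import math

G0 = 9.80665  # standard gravity in m/s^2; a phone's accelerometer includes gravity, so rest reads ~1 g

# The 0.1 g audio cue comes from the post; the colour bands below are assumptions for this example.
CUE_MAX_G = 0.1
GREEN_MAX_G = 0.2
YELLOW_MAX_G = 0.5


def g_force(ax, ay, az):
    """Load factor in g from one accelerometer sample (m/s^2 per axis)."""
    return math.sqrt(ax * ax + ay * ay + az * az) / G0


def indicator(g):
    """(colour, play_cue) for one load-factor reading."""
    if g <= CUE_MAX_G:
        return "green", True
    if g <= GREEN_MAX_G:
        return "green", False
    if g <= YELLOW_MAX_G:
        return "yellow", False
    return "red", False


def longest_green_stretch(samples, sample_rate_hz):
    """Seconds in the longest unbroken run of 'green' readings: how long the parabola was held."""
    best = run = 0
    for ax, ay, az in samples:
        colour, _ = indicator(g_force(ax, ay, az))
        run = run + 1 if colour == "green" else 0
        best = max(best, run)
    return best / sample_rate_hz


def cue_count(samples):
    """How many readings in the trace would trigger the audio cue."""
    return sum(indicator(g_force(*s))[1] for s in samples)


# Constructed 2 Hz trace (ax, ay, az in m/s^2): pull-up, push-over, float, pull-out. Not real flight data.
SAMPLES = [
    (0.0, 3.0, 17.4),  # climbing under ~1.8 g
    (0.0, 2.0, 12.0),
    (0.0, 0.5, 4.0),   # nosing over, ~0.4 g
    (0.3, 0.2, 1.5),   # inside the green band
    (0.1, 0.1, 0.8),   # below 0.1 g: cue plays
    (0.0, 0.2, 0.5),
    (0.2, 0.1, 0.9),
    (0.3, 0.4, 1.6),
    (0.5, 1.0, 4.5),   # pull-out begins
    (0.0, 2.5, 18.0),
]

if __name__ == "__main__":
    for s in SAMPLES:
        g = g_force(*s)
        print(f"{g:5.2f} g -> {indicator(g)}")
    print("longest green stretch:", longest_green_stretch(SAMPLES, 2), "s")
```

On a real phone the three axes would come from a sensor listener instead of the constructed list; everything after that point is the same arithmetic.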

It doesn't look like [Chaz] is ready to release the application yet, but since it was created with MIT's App Inventor, the walk-through he provides along with the screenshots from the editor should technically be enough to create it should you feel so inclined — no pun intended.

Source: Developing An App For Reduced-Gravity Flying | Hackaday

The NY Times Lawsuit Against OpenAI Would Open Up The NY Times To All Sorts Of Lawsuits Should It Win, shows that if you feed it a URL it can regurgitate what’s on the first parts of that URL

This week the NY Times somehow broke the story of… well, the NY Times suing OpenAI and Microsoft. I wonder who tipped them off. Anyhoo, the lawsuit in many ways is similar to some of the over a dozen lawsuits filed by copyright holders against AI companies. We’ve written about how silly many of these lawsuits are, in that they appear to be written by people who don’t much understand copyright law. And, as we noted, even if courts actually decide in favor of the copyright holders, it’s not like it will turn into any major windfall. All it will do is create another corruptible collection point, while locking in only a few large AI companies who can afford to pay up.

I’ve seen some people arguing that the NY Times lawsuit is somehow “stronger” and more effective than the others, but I honestly don’t see that. Indeed, the NY Times itself seems to think its case is so similar to the ridiculously bad Authors Guild case, that it’s looking to combine the cases.

But while there are some unique aspects to the NY Times case, I'm not sure they are nearly as compelling as the NY Times and its supporters think they are. Indeed, I think if the Times actually wins its case, it would open the Times itself up to some fairly damning lawsuits, given its somewhat infamous journalistic practices regarding summarizing other people's articles without credit. But, we'll get there.

The Times, in typical NY Times fashion, presents this case as though the NY Times is the great defender of press freedom, taking this stand to stop the evil interlopers of AI.

Independent journalism is vital to our democracy. It is also increasingly rare and valuable. For more than 170 years, The Times has given the world deeply reported, expert, independent journalism. Times journalists go where the story is, often at great risk and cost, to inform the public about important and pressing issues. They bear witness to conflict and disasters, provide accountability for the use of power, and illuminate truths that would otherwise go unseen. Their essential work is made possible through the efforts of a large and expensive organization that provides legal, security, and operational support, as well as editors who ensure their journalism meets the highest standards of accuracy and fairness. This work has always been important. But within a damaged information ecosystem that is awash in unreliable content, The Times’s journalism provides a service that has grown even more valuable to the public by supplying trustworthy information, news analysis, and commentary

Defendants’ unlawful use of The Times’s work to create artificial intelligence products that compete with it threatens The Times’s ability to provide that service. Defendants’ generative artificial intelligence (“GenAI”) tools rely on large-language models (“LLMs”) that were built by copying and using millions of The Times’s copyrighted news articles, in-depth investigations, opinion pieces, reviews, how-to guides, and more. While Defendants engaged in widescale copying from many sources, they gave Times content particular emphasis when building their LLMs—revealing a preference that recognizes the value of those works. Through Microsoft’s Bing Chat (recently rebranded as “Copilot”) and OpenAI’s ChatGPT, Defendants seek to free-ride on The Times’s massive investment in its journalism by using it to build substitutive products without permission or payment.

As the lawsuit makes clear, this isn’t some high and mighty fight for journalism. It’s a negotiating ploy. The Times admits that it has been trying to get OpenAI to cough up some cash for its training:

For months, The Times has attempted to reach a negotiated agreement with Defendants, in accordance with its history of working productively with large technology platforms to permit the use of its content in new digital products (including the news products developed by Google, Meta, and Apple). The Times’s goal during these negotiations was to ensure it received fair value for the use of its content, facilitate the continuation of a healthy news ecosystem, and help develop GenAI technology in a responsible way that benefits society and supports a well-informed public.

I’m guessing that OpenAI’s decision a few weeks back to pay off media giant Axel Springer to avoid one of these lawsuits, and the failure to negotiate a similar deal (at what is likely a much higher price), resulted in the Times moving forward with the lawsuit.

There are five or six whole pages of puffery about how amazing the NY Times thinks the NY Times is, followed by the laughably stupid claim that generative AI “threatens” the kind of journalism the NY Times produces.

Let me let you in on a little secret: if you think that generative AI can do serious journalism better than a massive organization with a huge number of reporters, then, um, you deserve to go out of business. For all the puffery about the amazing work of the NY Times, this seems to suggest that it can easily be replaced by an auto-complete machine.

In the end, though, the crux of this lawsuit is the same as all the others. It’s a false belief that reading something (whether by human or machine) somehow implicates copyright. This is false. If the courts (or the legislature) decide otherwise, it would upset pretty much all of the history of copyright and create some significant real world problems.

Part of the Times complaint is that OpenAI’s GPT LLM was trained in part with Common Crawl data. Common Crawl is an incredibly useful and important resource that apparently is now coming under attack. It has been building an open repository of the web for people to use, not unlike the Internet Archive, but with a focus on making it accessible to researchers and innovators. Common Crawl is a fantastic resource run by some great people (though the lawsuit here attacks them).

But, again, this is the nature of the internet. It’s why things like Google’s cache and the Internet Archive’s Wayback Machine are so important. These are archives of history that are incredibly important, and have historically been protected by fair use, which the Times is now threatening.

(Notably, just recently, the NY Times was able to get all of its articles excluded from Common Crawl. Otherwise I imagine that they would be a defendant in this case as well).

Either way, so much of the lawsuit is claiming that GPT learning from this data is infringement. And, as we’ve noted repeatedly, reading/processing data is not a right limited by copyright. We’ve already seen this in multiple lawsuits, but this rush of plaintiffs is hoping that maybe judges will be wowed by this newfangled “generative AI” technology into ignoring the basics of copyright law and pretending that there are now rights that simply do not exist.

Now, the one element that appears different in the Times’ lawsuit is that it has a bunch of exhibits that purport to prove how GPT regurgitates Times articles. Exhibit J is getting plenty of attention here, as the NY Times demonstrates how it was able to prompt ChatGPT in such a manner that it basically provided them with direct copies of NY Times articles.

In the complaint, they show this:

Image

At first glance that might look damning. But it’s a lot less damning when you look at the actual prompt in Exhibit J and realize what happened, and how generative AI actually works.

What the Times did is prompt GPT-4 by (1) giving it the URL of the story and then (2) “prompting” it by giving it the headline of the article and the first seven and a half paragraphs of the article, and asking it to continue.

Here’s how the Times describes this:

Each example focuses on a single news article. Examples were produced by breaking the article into two parts. The first part of the article is given to GPT-4, and GPT-4 replies by writing its own version of the remainder of the article.

Here’s how it appears in Exhibit J (notably, the prompt was left out of the complaint itself):

Image

If you actually understand how these systems work, the output looking very similar to the original NY Times piece is not so surprising. When you prompt a generative AI system like GPT, you’re giving it a bunch of parameters, which act as conditions and limits on its output. From those constraints, it’s trying to generate the most likely next part of the response. But, by providing it paragraphs upon paragraphs of these articles, the NY Times has effectively constrained GPT to the point that the most probable response is… very close to the NY Times’ original story.

In other words, by constraining GPT to effectively “recreate this article,” GPT has a very small data set to work off of, meaning that the highest likelihood outcome is going to sound remarkably like the original. If you were to create a much shorter prompt, or introduce further randomness into the process, you’d get a much more random output. But these kinds of prompts effectively tell GPT not to do anything BUT write the same article.

From there, though, the lawsuit gets dumber.

It shows that you can sorta get around the NY Times’ paywall in the most inefficient and unreliable way possible by asking ChatGPT to quote the first few paragraphs in one paragraph chunks.

Image

Of course, quoting individual paragraphs from a news article is almost certainly fair use. And, for what it’s worth, the Times itself admits that this process doesn’t actually return the full article, but a paraphrase of it.

And the lawsuit seems to suggest that merely summarizing articles is itself infringing:

Image

That’s… all factual information summarizing the review? And the complaint shows that if you then ask for (again, paragraph length) quotes, GPT will give you a few quotes from the article.

And, yes, the complaint literally argues that a generative AI tool can violate copyright when it “summarizes” an article.

The issue here is not so much how GPT is trained, but how the NY Times is constraining the output. That is unrelated to the question of whether or not the reading of these articles is fair use. The purpose of these LLMs is not to repeat the content that is scanned, but to figure out the most likely next token for a given prompt. When the Times constrains the prompts in such a way that the data set is basically one article and one article only… well… that’s what you get.

Elsewhere, the Times again complains about GPT returning factual information that is not subject to copyright law.

Image

But, I mean, if you were to ask anyone the same question, “What does wirecutter recommend for The Best Kitchen Scale,” they’re likely to return you a similar result, and that’s not infringing. It’s a fact that that scale is the one that it recommends. The Times complains that people who do this prompt will avoid clicking on Wirecutter affiliate links, but… um… it has no right to that affiliate income.

I mean, I’ll admit right here that I often research products and look at Wirecutter (and other!) reviews before eventually shopping independently of that research. In other words, I will frequently buy products after reading the recommendations on Wirecutter, but without clicking on an affiliate link. Is the NY Times really trying to suggest that this violates its copyright? Because that’s crazy.

Meanwhile, it’s not clear if the NY Times is mad that it’s accurately recommending stuff or if it’s just… mad. Because later in the complaint, the NY Times says it’s bad that sometimes GPT recommends the wrong product or makes up a paragraph.

So… the complaint is both that GPT reproduces things too accurately, AND not accurately enough. Which is it?

Anyway, the larger point is that if the NY Times wins, well… the NY Times might find itself on the receiving end of some lawsuits. The NY Times is somewhat infamous in the news world for using other journalists’ work as a starting point and building off of it (frequently without any credit at all). Sometimes this results in an eventual correction, but often it does not.

If the NY Times successfully argues that reading a third party article to help its reporters “learn” about the news before reporting their own version of it is copyright infringement, it might not like how that is turned around by tons of other news organizations against the NY Times. Because I don’t see how there’s any legitimate distinction between OpenAI scanning NY Times articles and NY Times reporters scanning other articles/books/research without first licensing those works as well.

Or, say, what happens if a source for a NY Times reporter provides them with some copyright-covered work (an article, a book, a photograph, who knows what) that the NY Times does not have a license for? Can the NY Times journalist then produce an article based on that material (along with other research, though much less than OpenAI used in training GPT)?

It seems like (and this happens all too often in the news industry) the NY Times is arguing that it’s okay for its journalists to do this kind of thing because it’s in the business of producing Important Journalism™ whereas anyone else doing the same thing is some damn interloper.

We see this with other copyright disputes and the media industry, or with the ridiculous fight over the hot news doctrine, in which news orgs claimed that they should be the only ones allowed to report on something for a while.

Similarly, I’ll note that even if the NY Times gets some money out of this, don’t expect the actual reporters to see any of it. Remember, this is the same NY Times that once tried to stiff freelance reporters by relicensing their articles to electronic databases without paying them. The Supreme Court didn’t like that. If the NY Times establishes that merely training AI on old articles is a licenseable, copyright-impacting event, will it go back and pay those reporters a piece of whatever change they get? Or nah?

Source: The NY Times Lawsuit Against OpenAI Would Open Up The NY Times To All Sorts Of Lawsuits Should It Win | Techdirt

Two EV models powered by sodium-ion batteries roll off line in China

Two electric vehicle (EV) models powered by sodium-ion batteries have rolled off the production line in China, signaling that the new, lower-cost batteries are closer to being used on a large scale.

A model powered by sodium-ion batteries built by Farasis Energy in partnership with JMEV, an EV brand owned by Jiangling Motors Group, rolled off the assembly line on December 28, according to the battery maker.

The model, based on JMEV’s EV3, has a range of 251 km and is the first all-electric A00-class model powered by sodium-ion batteries to be built by Farasis Energy in collaboration with JMEV.

The JMEV EV3 is a compact, all-electric vehicle with a CLTC range of 301 km and a battery pack capacity of 31.15 kWh for its two lithium-ion battery versions. The starting prices for these two versions are RMB 62,800 ($8,840) and RMB 66,800, respectively.

The model’s sodium battery version starts at RMB 58,800, with a battery pack capacity of 21.4 kWh and a CLTC range of 251 km, according to its specification sheet.

Farasis Energy’s sodium-ion batteries currently in production have energy densities in the range of 140-160 Wh/kg, and the battery cells have passed tests including pin-prick, overcharging, and extrusion, according to the company.

Farasis Energy will launch the second generation of sodium-ion batteries in 2024 with an energy density of 160-180 Wh/kg, it said.

By 2026, the next generation of sodium-ion battery products will have an energy density of 180-200 Wh/kg.

On December 27, battery maker Hina Battery announced that a model powered by sodium-ion batteries, which it jointly built with Anhui Jianghuai Automobile Group Corp (JAC), rolled off the production line.

The model is a new variant of the Yiwei 3, the first model under JAC’s new Yiwei brand, and utilizes Hina Battery’s sodium-ion cylindrical cells.

(Image credit: Hina Battery)

Volume deliveries of the sodium-ion battery-equipped Yiwei model are expected to begin in January 2024, according to Hina Battery.

On February 23, Hina Battery unveiled three sodium-ion battery cell products and announced that it had entered into a partnership with JAC.

Hina Battery and Sehol — a joint venture brand between JAC and Volkswagen Anhui — would jointly build a test vehicle with sodium-ion batteries based on the latter’s Sehol E10X model, according to a statement in February.

The test vehicle’s battery pack has a capacity of 25 kWh and an energy density of 120 Wh/kg. The model has a range of 252 km and supports 3C to 4C fast charging. The battery pack uses cells with an energy density of 140 Wh/kg.

JAC launched its new brand Yiwei (钇为 in Chinese) on April 12 and made the brand’s first model, the Yiwei 3, available on June 16.

According to information released yesterday by Hina Battery, the two are working together to build a production vehicle powered by sodium-ion batteries based on the Yiwei 3.

Source: Two EV models powered by sodium-ion batteries roll off line in China – CnEVPost

Using Local AI On The Command Line To Rename Images (And More)

We all have a folder full of images whose filenames resemble line noise. How about renaming those images with the help of a local LLM (large language model) executable on the command line? All that and more is showcased on [Justine Tunney]’s bash one-liners for LLMs, a showcase aimed at giving folks ideas and guidance on using a local (and private) LLM to do actual, useful work.

This is built out from the recent llamafile project, which turns LLMs into single-file executables. This not only makes them more portable and easier to distribute, but the executables are perfectly capable of being called from the command line and sending to standard output like any other UNIX tool. It’s simpler to version control the embedded LLM weights (and therefore their behavior) when it’s all part of the same file as well.

One such tool (the multi-modal LLaVA) is capable of interpreting image content. As an example, we can point it to a local image of the Jolly Wrencher logo using the following command:

llava-v1.5-7b-q4-main.llamafile --image logo.jpg --temp 0 -e -p '### User: The image has...\n### Assistant:'

Which produces the following response:

The image has a black background with a white skull and crossbones symbol.

With a different prompt (“What do you see?” instead of “The image has…”) the LLM even picks out the wrenches, but one can already see that the right pieces exist to do some useful work.

Check out [Justine]’s rename-pictures.sh script, which cleverly evaluates image filenames. If an image’s given filename already looks like readable English (also a job for a local LLM) the image is left alone. Otherwise, the picture is fed to an LLM whose output guides the generation of a new short and descriptive English filename in lowercase, with underscores for spaces.

What about the fact that LLM output isn’t entirely predictable? That’s easy to deal with. [Justine] suggests always calling these tools with the --temp 0 parameter. Setting the temperature to zero makes the model deterministic, ensuring that the same input always yields the same output.

There are more neat examples on the Bash One-Liners for LLMs that demonstrate different ways to use a local LLM that lives in a single-file executable, so be sure to give it a look and see if you get any new ideas. After all, we have previously shown how automating tasks is almost always worth the time invested.

Source: Using Local AI On The Command Line To Rename Images (And More) | Hackaday

More useful would be to put this information into EXIF data, but it shouldn’t be too tough to tweak the command to do that instead
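Here is an added example of the rename workflow described above, written for this page and not taken from [Justine]’s rename-pictures.sh or from Hackaday. It assumes the LLaVA llamafile named in the article is on PATH (with the --temp 0 flag from the article so the description is deterministic) and that DESCRIBE_CMD can be pointed at any command that prints a one-line description for an image path; the functions looks_like_english, slugify, rename_image and describe_into_exif are ours, the “readable English” check is a regex stand-in for the LLM check the article mentions, and describe_into_exif is a variant for the EXIF suggestion above that assumes exiftool is installed.

```shell
#!/bin/sh
# Added example, not Justine Tunney's rename-pictures.sh: rename images whose
# names look like line noise using a one-line description from a local LLM.
# Assumption: DESCRIBE_CMD names a command that prints a description of the
# image path given as its argument. The default below assumes the LLaVA
# llamafile from the article is on PATH; point DESCRIBE_CMD at a stub to run
# this offline.
: "${DESCRIBE_CMD:=describe_with_llava}"

# Default describer: the llamafile call from the article, with --temp 0 so the
# same image always yields the same description (the prompt text is ours).
describe_with_llava() {
    llava-v1.5-7b-q4-main.llamafile --image "$1" --temp 0 -e \
        -p '### User: Describe the image in one short sentence.\n### Assistant:' 2>/dev/null
}

# Cheap stand-in for "does this filename already read like English?":
# the basename without extension is lowercase letter-only words joined by
# underscores. The article notes this check is itself a job for a local LLM;
# a regex is only an approximation (digits or capitals mean "rename me").
looks_like_english() {
    name=${1##*/}
    name=${name%.*}
    printf '%s\n' "$name" | grep -Eq '^[a-z]+(_[a-z]+)*$'
}

# Turn free-form LLM output into a short lowercase filename: drop a leading
# "the image has" / article, keep letters and digits, collapse everything else
# into single underscores and cap the result at eight words.
slugify() {
    printf '%s\n' "$1" |
        tr '[:upper:]' '[:lower:]' |
        sed -E -e 's/^(the|this) (image|picture|photo) (has|shows|is|of|depicts) //' \
               -e 's/^(a|an|the) //' \
               -e 's/[^a-z0-9]+/_/g' -e 's/^_+//' -e 's/_+$//' |
        cut -d_ -f1-8
}

# Rename one file in place. Existing targets are never clobbered: a numeric
# suffix is added on collision, so a batch of near-identical photos survives.
rename_image() {
    path=$1
    if looks_like_english "$path"; then
        printf 'keep   %s\n' "$path"
        return 0
    fi
    desc=$("$DESCRIBE_CMD" "$path") || return 1
    slug=$(slugify "$desc")
    [ -n "$slug" ] || slug=unnamed_image
    case ${path##*/} in
        *.*) ext=.${path##*.} ;;
        *)   ext= ;;
    esac
    dir=$(dirname -- "$path")
    target="$dir/$slug$ext"
    n=2
    while [ -e "$target" ] && [ "$target" != "$path" ]; do
        target="$dir/${slug}_$n$ext"
        n=$((n + 1))
    done
    mv -- "$path" "$target"
    printf 'rename %s -> %s\n' "$path" "$target"
}

# Variant for the EXIF idea: keep the filename and store the description in
# the ImageDescription tag instead (assumes exiftool is installed).
describe_into_exif() {
    command -v exiftool >/dev/null || { echo "exiftool not installed" >&2; return 1; }
    desc=$("$DESCRIBE_CMD" "$1") || return 1
    exiftool -overwrite_original -ImageDescription="$desc" "$1"
}

# Usage: sh rename_images.sh ~/Pictures/*.jpg
for f in "$@"; do rename_image "$f"; done
```

Running it over a directory renames only files whose names fail the readability check, so a second pass is a no-op; because the description is generated with --temp 0, re-running the describer on the same image produces the same slug, which is what makes the collision suffix meaningful rather than random.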

Novel helmet liner 30 times better at stopping concussions

[…]

Among sportspeople and military vets, traumatic brain injury (TBI) is one of the major causes of permanent disability and death. Injury statistics show that the majority of TBIs, of which concussion is a subtype, are associated with oblique impacts, which subject the brain to a combination of linear and rotational kinetic energy forces and cause shearing of the delicate brain tissue.

To improve their effectiveness, helmets worn by military personnel and sportspeople must employ a liner material that limits both. This is where researchers from the University of Wisconsin-Madison come in. Determined to prevent – or lessen the effect of – TBIs caused by knocks to the body and head, they’ve developed a new lightweight foam material for use as a helmet liner.

[…]

For the current study, Thevamaran built upon his previous research into vertically aligned carbon nanotube (VACNT) foams – carefully arranged layers of carbon cylinders one atom thick – and their exceptional shock-absorbing capabilities. Current helmets attempt to reduce rotational motion by allowing a sliding motion between the wearer’s head and the helmet during impact. However, the researchers say this movement doesn’t dissipate energy in shear and can jam when severely compressed following a blow. Instead, their novel foam doesn’t rely on sliding layers.

Oblique impacts, associated with the majority of TBIs, subject the brain to a combination of linear and rotational shear forces
(Image credit: Maheswaran et al.)

VACNT foam sidesteps this shortcoming via its unique deformation mechanism. Under compression, the VACNTs undergo collective sequentially progressive buckling, from increased compliance at low shear strain levels to a stiffening response at high strain levels. The formed compression buckles unfold completely, enabling the VACNT foam to accommodate large shear strains before returning to a near initial state when the load is removed.

The researchers found that at 25% precompression, the foam exhibited almost 30 times higher energy dissipation in shear – up to 50% shear strain – than polyurethane-based elastomeric foams of similar density.

[…]

The study was published in the journal Experimental Mechanics.

Source: University of Wisconsin-Madison

 

Source: Novel helmet liner 30 times better at stopping concussions

Amazon Gives Giant Middle Finger To Prime Video Customers, Will Charge $3 Extra A Month To Avoid Ads Starting In January

[…]

Amazon customers already pay $15 per month, or $139 annually for Amazon Prime, which includes a subscription to Amazon’s streaming TV service. In a bid to make Wall Street happy, Amazon recently announced it would start hitting those users with entirely new streaming TV ads, something you can only avoid if you’re willing to shell out an additional $3 a month.

There was ample backlash to Amazon’s plan, but it apparently accomplished nothing. Amazon says it’s moving full steam ahead with the plan, which will begin on January 29th:

“We aim to have meaningfully fewer ads than linear TV and other streaming TV providers. No action is required from you, and there is no change to the current price of your Prime membership,” the company wrote. Customers have the option of paying an additional $2.99 per month to keep avoiding advertisements.

If you recall, it took the cable TV, film, music, and broadcast sectors the better part of two decades before they were willing to give users affordable, online access to their content as part of a broader bid to combat piracy. There was just an endless amount of teeth gnashing by industry executives as they were pulled kicking and screaming into the future.

Despite having just gone through that experience, streaming executives refuse to learn anything from it, and are dead set on nickel and diming their users. This will inevitably drive a non-insignificant amount of those users back to piracy, at which point executives will blame the shift on absolutely everything and anything other than themselves.

[…]

Source: Amazon Gives Giant Middle Finger To Prime Video Customers, Will Charge $3 Extra A Month To Avoid Ads Starting In January | Techdirt

Google agrees to settle $5 billion lawsuit accusing it of tracking Incognito users

In 2020, Google was hit with a lawsuit that accused it of tracking Chrome users’ activities even when they were using Incognito mode. Now, after a failed attempt to get it dismissed, the company has agreed to settle the complaint that originally sought $5 billion in damages. According to Reuters and The Washington Post, neither side has made the details of the settlement public, but they’ve already agreed to the terms that they’re presenting to the court for approval in February.

When the plaintiffs filed the lawsuit, they said Google used tools like its Analytics product, apps and browser plug-ins to monitor users. They reasoned that by tracking someone on Incognito, the company was falsely making people believe that they could control the information that they were willing to share with it. At the time, a Google spokesperson said that while Incognito mode doesn’t save a user’s activity on their device, websites could still collect their information during the session.

The lawsuit’s plaintiffs presented internal emails that allegedly showed conversations between Google execs proving that the company monitored Incognito browser usage to sell ads and track web traffic. Their complaint accused Google of violating federal wire-tapping and California privacy laws and was asking up to $5,000 per affected user. They claimed that millions of people who’d been using Incognito since 2016 had likely been affected, which explains the massive damages they were seeking from the company. Google has likely agreed to settle for an amount lower than $5 billion, but it has yet to reveal details about the agreement and has yet to get back to Engadget with an official statement.

Source: Google agrees to settle $5 billion lawsuit accusing it of tracking Incognito users

UK startup makes human waste into low carbon jet fuel

Firefly Green Fuels, a UK-based company, has developed a new form of jet fuel that is entirely fossil-free and made from human waste. The company worked with experts at Cranfield University to confirm that the fuel they developed had a 90 percent lower carbon footprint than what is used in aviation today, according to the BBC. Tests by independent regulators validated that what Firefly Green Fuels has developed is nearly identical to standard A1 jet fuel.

In 2021, the company received a £2 million grant from the Department of Transport to continue developing its sustainable aviation fuel. Although it’s not yet available commercially, the company says it is on track to bringing its fuel to the global market and it will have its first commercial plant operating within 5 years. The company has already inked a partnership with the budget airline Wizz Air — the name of the company and the source of its potential combustibles could scarcely be a more perfect pairing — to supply it with fuel starting in 2028.

It currently sources its waste from water companies in the UK and takes the refined sewage through a process called hydrothermal liquefaction, which converts the liquid waste into a sludge or crude oil. Solid by-products can also be made into crop fertilizer. The company claims that the carbon intensity of the whole process — which measures how much carbon is needed to produce energy — is 7.97 grams of carbon dioxide per megajoule (gCO2e/MJ). Comparatively, the ICCT says carbon intensity recorded for jet fuel ranges from 85 to 95 gCO2e/MJ.

Organic matter, as the company points out, takes millions of years to develop into the fossil fuels that power cars and planes. Firefly’s solution makes it possible to generate fuel in a matter of days — and more importantly, human waste is a widely available resource. It’s unclear if sustainable jet fuel will be more or less expensive than what is currently available. The company could not immediately be reached for comment. However, in a statement, the company’s CEO James Hygate made mention that using human waste is a “cheap and abundant feedstock [that] will never run out.”

Source: From toilets to the sky: UK startup makes waste into low carbon jet fuel

NASA Tests Out 3D-printed Rotating Detonation Rocket Engine!

One promising technology is the Rotating Detonation Engine (RDE), which relies on one or more detonations that continuously travel around an annular channel.

In a recent hot fire test at NASA’s Marshall Space Flight Center in Huntsville, Alabama, the agency achieved a new benchmark in developing RDE technology. On September 27th, engineers successfully tested a 3D-printed rotating detonation rocket engine (RDRE) for 251 seconds, producing more than 2,630 kg (5,800 lbs) of thrust. This sustained burn meets several mission requirements, such as deep-space burns and landing operations. NASA recently shared the footage of the RDRE hot fire test (see below) as it burned continuously on a test stand at NASA Marshall for over four minutes.

While RDEs have been developed and tested for many years, the technology has garnered much attention since NASA began researching it for its “Moon to Mars” mission architecture. Theoretically, the engine technology is more efficient than conventional propulsion and similar methods that rely on controlled detonations. The first hot fire test with the RDRE was performed at Marshall in the summer of 2022 in partnership with advanced propulsion developer In Space LLC and Purdue University in Lafayette, Indiana.

During that test, the RDRE fired for nearly a minute and produced more than 1815 kg (4,000 lbs) of thrust. According to Thomas Teasley, who leads the RDRE test effort at NASA Marshall, the primary goal of the latest test is to understand better how they can scale the combustor to support different engine systems and maximize the variety of missions they could be used for. This ranges from landers and upper-stage engines to supersonic retropropulsion – a deceleration technique that could land heavy payloads and crewed missions on Mars. As Teasley said in a recent NASA press release:

“The RDRE enables a huge leap in design efficiency. It demonstrates we are closer to making lightweight propulsion systems that will allow us to send more mass and payload further into deep space, a critical component to NASA’s Moon to Mars vision.”

Meanwhile, engineers at NASA’s Glenn Research Center and Houston-based Venus Aerospace are working with NASA Marshall to identify ways to scale the technology for larger mission profiles.

Further Reading: NASA

Source: NASA Tests Out 3D-printed Rotating Detonation Rocket Engine! – Universe Today

Mt. Gox Victims Report ‘Double Repayments’ From 2014 Bitcoin Hack

[…]

In 2014, the largest cryptocurrency exchange in the world, Mt. Gox, suffered a notorious hack that stole 850,000 Bitcoins from the platform. Victims are finally starting to get their money back on Tuesday, nearly 10 years later. However, some are reporting Mt. Gox accidentally sent “double payments” and the trustees are asking for some of it back.

“Due to a system issue, the transfer of money to you was inadvertently made twice,” said Mt. Gox in an email numerous creditors posted on Reddit. “Please note that you are not authorized to receive the second transfer and are legally obligated to return the above amount to the Rehabilitation Trustee.”

The hack caused Mt. Gox to file for bankruptcy in 2014. At the end of that year, 850,000 Bitcoin was roughly worth $272 million, but Bitcoin prices have since skyrocketed, and it’s now worth over $35 billion. For the last 10 years, creditors have been waiting for Mt. Gox trustees to recoup stolen funds. Trustees recovered roughly 20% of the hack

[…]

Source: Mt. Gox Victims Report ‘Double Repayments’ From 2014 Bitcoin Hack

Paramount Parent Was Hacked Christmas 2022, Told Customers a Year Later

The parent company that owns a controlling stake in Paramount, CBS, and thousands of theaters across the U.S. got hacked late last year, but it took them a full trip around the sun to let any of the tens of thousands of impacted customers know that their data was potentially compromised.

The massive entertainment conglomerate National Amusements relayed a few scant details of the hack to the Maine Attorney General, as first reported by TechCrunch. A total of 82,128 people were impacted by the breach, though it remains unclear how many of the victims were customers or National Amusements employees. In a letter sent to those impacted describing the breach, the company said an “unauthorized individual” accessed the company network on Dec. 13, 2022, and the company became aware of that intrusion two days later.

[…]

Under Maine law, companies are required to share details of data breaches when users’ personal information is stolen. The law also mandates companies conduct a full investigation of the breach and submit that information to the state. Paramount Global claims it suffered a security breach this past August according to another notice as identified by TechCrunch. The letter, dated August 11, says that an unauthorized party hacked into the company’s systems between May and June this year and made off with some users’ personal information.

[…]

Source: Paramount Parent Was Hacked Last Christmas, Told Customers a Year Later

New York Times Sues OpenAI and Microsoft Over Reading Publicly Available Information

The New York Times sued OpenAI and Microsoft for copyright infringement on Wednesday, opening a new front in the increasingly intense legal battle over the unauthorized use of published work to train artificial intelligence technologies.

The Times is the first major American media organization to sue the companies, the creators of ChatGPT and other popular A.I. platforms, over copyright issues associated with its written works. The lawsuit, filed in Federal District Court in Manhattan, contends that millions of articles published by The Times were used to train automated chatbots that now compete with the news outlet as a source of reliable information.

The suit does not include an exact monetary demand. But it says the defendants should be held responsible for “billions of dollars in statutory and actual damages” related to the “unlawful copying and use of The Times’s uniquely valuable works.” It also calls for the companies to destroy any chatbot models and training data that use copyrighted material from The Times.

In its complaint, The Times said it approached Microsoft and OpenAI in April to raise concerns about the use of its intellectual property and explore “an amicable resolution,” possibly involving a commercial agreement and “technological guardrails” around generative A.I. products. But it said the talks had not produced a resolution.

An OpenAI spokeswoman, Lindsey Held, said in a statement that the company had been “moving forward constructively” in conversations with The Times and that it was “surprised and disappointed” by the lawsuit.

“We respect the rights of content creators and owners and are committed to working with them to ensure they benefit from A.I. technology and new revenue models,” Ms. Held said. “We’re hopeful that we will find a mutually beneficial way to work together, as we are doing with many other publishers.”

[…]

Source: New York Times Sues OpenAI and Microsoft Over Use of Copyrighted Work – The New York Times

Well, if they didn’t want anyone to read it – which is really what an AI is doing, just as much as you or I do – then they should have put the content behind a paywall.

All Apples Wide open for 4 years, Kaspersky security company and many others in Moscow opened wide – photos, location, mic, etc – just by sending them an iMessage. Shows how dangerous closed source is.

[…]

after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don’t know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM’s CoreSight

 

The mass backdooring campaign, which according to Russian government officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action.

With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn’t survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

A fresh infusion of details disclosed Wednesday said that “Triangulation”—the name Kaspersky gave to both the malware and the campaign that installed it—exploited four critical zero-day vulnerabilities, meaning serious programming flaws that were known to the attackers before they were known to Apple. The company has since patched all four of the vulnerabilities, which are tracked as:

Besides affecting iPhones, these critical zero-days and the secret hardware function resided in Macs, iPods, iPads, Apple TVs, and Apple Watches. What’s more, the exploits Kaspersky recovered were intentionally developed to work on those devices as well. Apple has patched those platforms as well. Apple declined to comment for this article.

[…]

“This is no ordinary vulnerability,” Larin said in a press release that coincided with a presentation he made at the 37th Chaos Communication Congress in Hamburg, Germany. “Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections.”

In a research paper also published Wednesday, Larin added:

If we try to describe this feature and how attackers use it, it all comes down to this: attackers are able to write the desired data to the desired physical address with [the] bypass of [a] hardware-based memory protection by writing the data, destination address and hash of data to unknown, not used by the firmware, hardware registers of the chip.

Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or was included by mistake. Since this feature is not used by the firmware, we have no idea how attackers would know how to use it

On the same day last June that Kaspersky first disclosed Operation Triangulation had infected the iPhones of its employees, officials with the Russian National Coordination Center for Computer Incidents said the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those representing NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia’s Federal Security Service, alleged Apple cooperated with the NSA in the campaign. An Apple representative has denied the claim. Kaspersky researchers, meanwhile, have said they have no evidence corroborating the claim of involvement by either the NSA or Apple.

[…]

Kaspersky’s summary of the exploit chain is:

  • Attackers send a malicious iMessage attachment, which is processed by the application without showing any signs to the user.
  • This attachment exploits vulnerability CVE-2023-41990 in the undocumented, Apple-only TrueType font instruction ADJUST for remote code execution. This instruction has existed since the early ’90s, and the patch removed it.
  • It uses return/jump oriented programming and multiple stages written in the NSExpression/NSPredicate query language, patching the JavaScriptCore library environment to execute a privilege escalation exploit written in JavaScript.
  • This JavaScript exploit is obfuscated to make it completely unreadable and to minimize its size. Still, it has around 11,000 lines of code, which are mainly dedicated to JavaScriptCore and kernel memory parsing and manipulation.
  • It exploited JavaScriptCore’s debugging feature DollarVM ($vm) to get the ability to manipulate JavaScriptCore’s memory from the script and execute native API functions.
  • It was designed to support old and new iPhones and included a Pointer Authentication Code (PAC) bypass for exploitation of newer models.
  • It used an integer overflow vulnerability CVE-2023-32434 in XNU’s memory mapping syscalls (mach_make_memory_entry and vm_map) to get read/write access to [the] whole physical memory of the device from the user level.
  • It uses hardware memory-mapped I/O (MMIO) registers to bypass the Page Protection Layer (PPL). This was mitigated as CVE-2023-38606.
  • After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants to the device and run spyware, but attackers chose to: a) launch the imagent process and inject a payload that cleans the exploitation artifacts from the device; b) run the Safari process in invisible mode and forward it to the web page with the next stage.
  • The web page has a script that verifies the victim and, if the checks pass, it receives the next stage—the Safari exploit.
  • The Safari exploit uses vulnerability CVE-2023-32435 to execute shellcode.
  • The shellcode executes another kernel exploit in the form of a Mach object file. It uses the same vulnerabilities, CVE-2023-32434 and CVE-2023-38606; it is also massive in size and functionality, but it is completely different from the kernel exploit written in JavaScript. Only some parts related to exploitation of the above-mentioned vulnerabilities are the same. Still, most of its code is also dedicated to the parsing and manipulation of the kernel memory. It has various post-exploitation utilities, which are mostly unused.
  • The exploit gets root privileges and proceeds to execute other stages responsible for loading spyware. We already covered these stages in our previous posts.

Wednesday’s presentation, titled What You Get When You Attack iPhones of Researchers, is a further reminder that even in the face of innovative defenses like the one protecting the iPhone kernel, ever more sophisticated attacks continue to find ways to defeat them.

[…]

Source: 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica

It also shows that closed-source software is an immense security threat – even with the threat exposed it’s almost impossible to find out what happened and how to fix it – especially without the help of the manufacturer.

Linux is the only OS to support diagonal PC monitor mode — dev champions the case for 22-degree-rotation computing

Here’s a fun tidbit — Linux is the only OS to support a diagonal monitor mode, which you can customize to any tilt of your liking. Latching onto this possibility, a Linux developer who grew dissatisfied with the extreme choices offered by the cultural norms of landscape or portrait monitor usage is championing diagonal mode computing. Melbourne-based xssfox asserts that the “perfect rotation” for software development is 22° (h/t Daniel Feldman).

[…]

Xssfox devised a consistent method to appraise various screen rotations, working through the staid old landscape and portrait modes, before deploying xrandr to test rotations like the slightly skewed 1° and an indecisive 45°. These produced mixed results of questionable benefits, so the search for the Goldilocks solution continued.

It turns out that a 22° tilt to the left (expand tweet above to see) was the sweet spot for xssfox. This rotation delivered the best working screen space on what looks like a 32:9 aspect ratio monitor from Dell. “So this here, I think, is the best monitor orientation for software development,” the developer commented. “It provides the longest line lengths and no longer need to worry about that pesky 80-column limit.”
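The arbitrary tilt described above is done with xrandr’s --transform, which takes a 3x3 homogeneous matrix mapping output pixels to framebuffer coordinates. The following shell function is an added example, not xssfox’s script or anything from the article: it computes the matrix plus the translation and --fb size needed so the tilted panel stays inside the framebuffer. The output name DP-1 and the 3840x1080 resolution are assumptions.

```shell
# Usage: xrandr_tilt_args DEGREES WIDTH HEIGHT
# Prints "--fb WxH --transform a,b,c,d,e,f,0,0,1" for xrandr, where
# x' = a*x + b*y + c and y' = d*x + e*y + f map panel pixels to the
# framebuffer. The rotation is followed by a translation that keeps every
# corner at non-negative coordinates, and --fb is the bounding box.
xrandr_tilt_args() {
    awk -v deg="$1" -v w="$2" -v h="$3" 'BEGIN {
        pi = atan2(0, -1)
        r = deg / 180 * pi
        c = cos(r); s = sin(r)
        # X11 y axis points down, so [c -s; s c] is a clockwise visual tilt.
        # Corner (0,h) lands at x = -s*h when s > 0; corner (w,0) lands at
        # y = s*w when s < 0. Shift so the lowest coordinate becomes 0.
        tx = (s > 0) ? s * h : 0
        ty = (s < 0) ? -s * w : 0
        # Bounding box of the rotated rectangle (using |cos| and |sin|).
        ac = (c < 0) ? -c : c; as = (s < 0) ? -s : s
        fbw = int(ac * w + as * h + 0.5)
        fbh = int(as * w + ac * h + 0.5)
        # "0 - s" instead of "-s" avoids printing "-0.000000" for zero sine.
        printf "--fb %dx%d --transform %.6f,%.6f,%.6f,%.6f,%.6f,%.6f,0,0,1\n",
               fbw, fbh, c, 0 - s, tx, s, c, ty
    }'
}

# Constructed example: a 3840x1080 (32:9) panel tilted by 22 degrees.
# Output name DP-1 is an assumption; check yours with "xrandr --query".
# xrandr --output DP-1 $(xrandr_tilt_args 22 3840 1080)
```

Pass a negative angle for the opposite tilt direction; "xrandr --output DP-1 --transform none" restores the normal layout.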

[…]

We note that Windows users with AMD and Nvidia drivers are currently shackled to applying screen rotations using 90° steps. macOS users apparently face the same restrictions.

Source: Linux is the only OS to support diagonal PC monitor mode — dev champions the case for 22-degree-rotation computing | Tom’s Hardware

Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It – because no US enforcement of any kind

Half a decade ago we documented how the U.S. wireless industry was caught over-collecting sensitive user location and vast troves of behavioral data, then selling access to that data to pretty much anybody with a couple of nickels to rub together. It resulted in no limit of abuse from everybody from stalkers to law enforcement — and even to people pretending to be law enforcement.

While the FCC purportedly moved to fine wireless companies for this behavior, the agency still hasn’t followed through. Despite the obvious ramifications of this kind of behavior during a post-Roe, authoritarian era.

Nearly a decade later, and it’s still a very obvious problem. The folks over at 404 Media have documented the case of a stalker who managed to game Verizon in order to obtain sensitive data about his target, including her address, location data, and call logs.

Her stalker posed as a police officer (badly) and, as usual, Verizon did virtually nothing to verify his identity:

“Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.”

In this case, the stalker found it relatively trivial to take advantage of Verizon Security Assistance and Court Order Compliance Team (or VSAT CCT), which verifies law enforcement requests for data. You’d think that after a decade of very ugly scandals on this front Verizon would have more meaningful safeguards in place, but you’d apparently be wrong.

Keep in mind: the FCC tried to impose some fairly basic privacy rules for broadband and wireless in 2016, but the telecom industry, in perfect lockstep with Republicans, killed those efforts before they could take effect, claiming they’d be too harmful for the super competitive and innovative (read: not competitive or innovative at all) U.S. broadband industry.

[…]

Source: Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It | Techdirt

UK Police to be able to run AI face recognition searches on all driving licence holders

The police will be able to run facial recognition searches on a database containing images of Britain’s 50 million driving licence holders under a law change being quietly introduced by the government.

Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving licence records for a match.

The move, contained in a single clause in a new criminal justice bill, could put every driver in the country in a permanent police lineup, according to privacy campaigners.

[…]

The intention to allow the police or the National Crime Agency (NCA) to exploit the UK’s driving licence records is not explicitly referenced in the bill or in its explanatory notes, raising criticism from leading academics that the government is “sneaking it under the radar”.

Once the criminal justice bill is enacted, the home secretary, James Cleverly, must establish “driver information regulations” to enable the searches, but he will need only to consult police bodies, according to the bill.

Critics claim facial recognition technology poses a threat to the rights of individuals to privacy, freedom of expression, non-discrimination and freedom of assembly and association.

Police are increasingly using live facial recognition, which compares a live camera feed of faces against a database of known identities, at major public events such as protests.

Prof Peter Fussey, a former independent reviewer of the Met’s use of facial recognition, said there was insufficient oversight of the use of facial recognition systems, with ministers worryingly silent over studies that showed the technology was prone to falsely identifying black and Asian faces.

[…]

The EU had considered making images on its member states’ driving licence records available on the Prüm crime fighting database. The proposal was dropped earlier this year as it was said to represent a disproportionate breach of privacy.

[…]

Carole McCartney, a professor of law and criminal justice at the University of Leicester, said the lack of consultation over the change in law raised questions over the legitimacy of the new powers.

She said: “This is another slide down the ‘slippery slope’ of allowing police access to whatever data they so choose – with little or no safeguards. Where is the public debate? How is this legitimate if the public don’t accept the use of the DVLA and passport databases in this way?”

The government scrapped the role of the commissioner for the retention and use of biometric material and the office of surveillance camera commissioner this summer, leaving ministers without an independent watchdog to scrutinise such legislative changes.

[…]

In 2020, the court of appeal ruled that South Wales police’s use of facial recognition technology had breached privacy rights, data protection laws and equality laws, given the risk the technology could have a race or gender bias.

The force has continued to use the technology. Live facial recognition is to be deployed to find a match of people attending Christmas markets this year against a watchlist.

Katy Watts, a lawyer at the civil rights advocacy group Liberty said: “This is a shortcut to widespread surveillance by the state and we should all be worried by it.”

Source: Police to be able to run face recognition searches on 50m driving licence holders | Facial recognition | The Guardian

Tesla Systematically Lied To Customers, Blaming Them For Shoddy Parts The Company Knew Were Defective, has highest accident rate of any brand on the road

Back in July, Reuters released a bombshell report showing that not only has Tesla aggressively lied about its EV ranges for the better part of the last decade, it created teams whose entire purpose was to lie to customers about it when they called up to complain. The story lasted all of two days in the news cycle before it was supplanted by clickbait stories about a billionaire fist fight that never actually happened.

Now Reuters is back again, with another major story showcasing how for much of that same decade, Tesla routinely blamed customers for the failure of substandard parts the company knew to be defective. The outlet reviewed thousands of Tesla documents and found a pattern where customers would complain about dangerously broken and low-quality parts, only to be repeatedly gaslit by the company:

“Wheels falling off cars at speed. Suspensions collapsing on brand-new vehicles. Axles breaking under acceleration. Tens of thousands of customers told Tesla about a host of part failures on low-mileage cars. The automaker sought to blame drivers for vehicle ‘abuse,’ but Tesla documents show it had tracked the chronic ‘flaws’ and ‘failures’ for years.”

The records show a repeated pattern across tens of thousands of customers where parts would fail, then the customer would be accused of “abusing” their vehicle. They also show that Tesla meticulously tracked part failures, knew many parts were defective, and routinely not only lied to regulators about it, but charged customers to repair parts they knew had high failure rates and were systemically prone to failure:

“Yet the company has denied some of the suspension and steering problems in statements to U.S. regulators and the public – and, according to Tesla records, sought to shift some of the resulting repair costs to customers.”

This is obviously a very different narrative than the one Musk presented last month at that unhinged New York Times DealBook event:

“We make the best cars. Whether you hate me, like me or are indifferent, do you want the best car, or do you not want the best car?”

They are, as it turns out, not the best cars.

And this is before you even touch on the growing pile of corpses caused by the company’s half-cooked and repeatedly misrepresented “full self driving” technology, which last week resulted in the recall of nearly every vehicle that has it. That problem was, as reports have documented in detail, thanks in part to non-engineer Musk overruling his actual engineers when it comes to only using cameras.

This comes as a new study shows that Tesla vehicles have the highest accident rate of any brand on the road. As usual, U.S. regulators have generally been asleep or lethargic during most of this, worried that enforcing basic public safety standards would somehow be stifling “innovation.”

The deaths from “full self driving” have been going on for the better part of the last decade, yet the NHTSA only just apparently figured out where its pants were located. But a lot of the problems Reuters have revealed should be slam dunk cases for the FTC under the “unfair and deceptive” component of the FTC Act, creating what will likely be a very busy 2024 for Elon Musk.

A lot of this stuff has been discussed by Tesla critics for years. It’s only once Musk began his downward descent into full racist caricature and undeniable self-immolation that press outlets with actual resources started to meaningfully dig beyond the hype. There’s cause for some significant U.S. journalism introspection as to why that is that probably will never happen.

Meanwhile, for a supposed innovation super-genius, most Musk companies have the kind of customer service that makes Comcast seem empathic and competent.

There’s no shortage of nightmare stories about Tesla Solar customer service. And we’ve well documented how Starlink can’t even respond to basic email inquiries by users tired of being on year-long waiting lists and seeking refunds. And once you burn past the novelty, gimmicks, and fanboy denialism, Tesla automotive clearly isn’t any better.

That said, this goes well beyond just bad customer service. The original Reuters story from July about the company lying about EV ranges clearly demonstrates not just bad customer service, but profound corporate culture rot:

“Inside the Nevada team’s office, some employees celebrated canceling service appointments by putting their phones on mute and striking a metal xylophone, triggering applause from coworkers who sometimes stood on desks. The team often closed hundreds of cases a week and staffers were tracked on their average number of diverted appointments per day.”

As with much of what Musk does, a large share of what the press initially sold the public as unbridled innovation was really just cutting corners. It’s easy to accomplish more than the next guy when you refuse to invest in customer service, don’t care about labor or environmental laws, don’t care about public safety, don’t care about the customer, and have zero compulsion about lying to regulators or making things up at every conceivable opportunity.

Source: Tesla Lied To Customers, Blaming Them For Shoddy Parts The Company Knew Were Defective | Techdirt

Slovakian PM wants to kill EU anti-corruption policing

Prime Minister Robert Fico’s push to dissolve the body that now oversees high-profile corruption cases poses a risk to the EU’s financial interests and would harm the work of the European Public Prosecutor’s Office, Juraj Novocký, Slovakia’s representative to the EU body, told Euractiv Slovakia.

Fico’s government wants to pass a reform that would eliminate the Special Anti-Corruption Prosecutor’s Office, reduce penalties, including those for corruption, and curtail the rights of whistleblowers.

Novocký points out that the reform would also bring a radical shortening of limitation periods: “Through a thorough analysis, we have found that if the amendment is adopted as proposed, we will have to stop prosecution in at least twenty cases for this reason,” Novocký of the European Public Prosecutor’s Office (EPPO) told Euractiv Slovakia.

“This has a concrete effect on the EPPO’s activities and indirectly on the protection of the financial interests of the EU because, in such cases, there will be no compensation for the damage caused,” Novocký added.

On Monday, EU Chief Prosecutor Laura Kövesi addressed the government’s push for reform in a letter to the European Commission, concluding that it constitutes a serious risk of breaching the rule of law in the meaning of Article 4(2)(c) of the Conditionality Regulation.

[…]

Source: Fico’s corruption reforms may block investigations in 20 EU fraud cases – EURACTIV.com

AI cannot be patent ‘inventor’, UK Supreme Court rules in landmark case – but a company can

A U.S. computer scientist on Wednesday lost his bid to register patents over inventions created by his artificial intelligence system in a landmark case in Britain about whether AI can own patent rights.

Stephen Thaler wanted to be granted two patents in the UK for inventions he says were devised by his “creativity machine” called DABUS.

His attempt to register the patents was refused by the UK’s Intellectual Property Office (IPO) on the grounds that the inventor must be a human or a company, rather than a machine.

Thaler appealed to the UK’s Supreme Court, which on Wednesday unanimously rejected his appeal as under UK patent law “an inventor must be a natural person”.

Judge David Kitchin said in the court’s written ruling that the case was “not concerned with the broader question whether technical advances generated by machines acting autonomously and powered by AI should be patentable”.

Thaler’s lawyers said in a statement that the ruling “establishes that UK patent law is currently wholly unsuitable for protecting inventions generated autonomously by AI machines and as a consequence wholly inadequate in supporting any industry that relies on AI in the development of new technologies”.

‘LEGITIMATE QUESTIONS’

A spokesperson for the IPO welcomed the decision “and the clarification it gives as to the law as it stands in relation to the patenting of creations of artificial intelligence machines”.

They added that there are “legitimate questions as to how the patent system and indeed intellectual property more broadly should handle such creations” and the government will keep this area of law under review.

[…]

“The judgment does not preclude a person using an AI to devise an invention – in such a scenario, it would be possible to apply for a patent provided that person is identified as the inventor.”

In a separate case last month, London’s High Court ruled that artificial neural networks can attract patent protection under UK law.

Source: AI cannot be patent ‘inventor’, UK Supreme Court rules in landmark case | Reuters

Somehow it sits strangely that a company can be a ‘natural person’ but an AI cannot.