Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called “Project Ghostbusters.” Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn’t private at all.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta’s antitrust case on Saturday. “It seems important to figure out a new way to get reliable analytics about them… You should figure out how to do this.”
Thus, Project Ghostbusters was born. It’s Meta’s in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating “kits” that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a “man-in-the-middle” approach to get data on Facebook’s rivals, but users of Onavo were the “men in the middle.”
[…]
A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.
Prosecutors also allege that Facebook violated the United States Wiretap Act, which prohibits the intentional procurement of another person’s electronic communications.
[…]
Prosecutors allege Project Ghostbusters harmed competition in the ad industry, adding weight to their central argument that Meta is a monopoly in social media.
Source: Project Ghostbusters: Facebook Accused of Using Your Phone to Wiretap Snapchat
Who would have thought that a Facebook VPN was worthless? Oh, I have been reporting on this since 2018
Various websites of provinces and government organizations were down on Monday due to a DDOS attack. At the moment, the website of the Province of North Holland is still unavailable or unavailable again.
The websites of the provinces of Groningen, Overijssel and North Brabant were also down for some time.
The sites of the Senate and the ports of Amsterdam and Den Helder were also bombarded.
According to FalconFeeds, a cyber threat intelligence platform, the DDoS attack was claimed by pro-Russian hacker group NoName057(16). The attack is said to be in retaliation for the Dutch decision to give F-16 fighter jets to Ukraine.
More than a year ago, the province of North Holland was also the victim of a DDoS attack for some time.
Thanks to a temporary solution, the Groningen site is working again and subsidies and permits can also be applied for.
Research is still underway into the cause and possible consequences of this DDoS attack.
Source: DDOS aanval legt websites provincies en overheidsorganisaties plat – Emerce
Accumulation of microplastics in the natural environment is ultimately due to the chemical nature of widely used petroleum-based plastic polymers, which typically are inaccessible to biological processing. One way to mitigate this crisis is adoption of plastics that biodegrade if released into natural environments. In this work, we generated microplastic particles from a bio-based, biodegradable thermoplastic polyurethane (TPU-FC1) and demonstrated their rapid biodegradation via direct visualization and respirometry. Furthermore, we isolated multiple bacterial strains capable of using TPU-FC1 as a sole carbon source and characterized their depolymerization products. To visualize biodegradation of TPU materials as real-world products, we generated TPU-coated cotton fabric and an injection molded phone case and documented biodegradation by direct visualization and scanning electron microscopy (SEM), both of which indicated clear structural degradation of these materials and significant biofilm formation.
In this work, particle count and respirometry experiments demonstrated that microplastic particles from a bio-based thermoplastic polyurethane can rapidly biodegrade and therefore are transiently present in the environment. In contrast, microplastic particles from a widely used commercial thermoplastic, ethyl vinyl acetate, persist in the environment and showed no significant signs of biodegradation over the course of this experiment. Bacteria capable of utilizing TPU-FC1 as a carbon source were isolated and depolymerization of the material was confirmed by the early accumulation of monomers derived from the original polymer, which are metabolized by microbes in short order. Finally, we demonstrated that prototype products made from these materials biodegrade under home compost conditions. The generation of microplastics is an unavoidable consequence of plastic usage and mitigating the persistence of these particles by adoption of biodegradable material alternatives is a viable option for a future green circular economy.
GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers.
Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, TypeScript, Java, and Python.
After being toggled on, it provides potential fixes that GitHub claims will likely address more than two-thirds of found vulnerabilities while coding with little or no editing.
“When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss,” GitHub’s Pierre Tempel and Eric Tooley said.
The code suggestions and explanations it provides can include changes to the current file, multiple files, and the current project’s dependencies.
Implementing this approach can significantly reduce the frequency of vulnerabilities that security teams must handle daily.
This, in turn, enables them to concentrate on ensuring the organization’s security rather than being forced to allocate unnecessary resources to keep up with new security flaws introduced during the development process.
However, it’s also important to note that developers should always verify if the security issues are resolved, as GitHub’s AI-powered feature may suggest fixes that only partially address the security vulnerability or fail to preserve the intended code functionality.
“Code scanning autofix helps organizations slow the growth of this “application security debt” by making it easier for developers to fix vulnerabilities as they code,” added Tempel and Tooley.
“Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation.”
The company plans to add support for additional languages in the coming months, with C# and Go support coming next.
More details about the GitHub Copilot-powered code scanning autofix tool are available on GitHub’s documentation website.
Last month, the company also enabled push protection by default for all public repositories to stop the accidental exposure of secrets like access tokens and API keys when pushing new code.
This was a significant issue in 2023, as GitHub users accidentally exposed 12.8 million authentication and sensitive secrets via more than 3 million public repositories throughout the year.
As BleepingComputer reported, exposed secrets and credentials have been exploited for multiple high-impact breaches [1, 2, 3] in recent years.
Source: GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code
General Motors said Friday that it had stopped sharing details about how people drove its cars with two data brokers that created risk profiles for the insurance industry.
The decision followed a New York Times report this month that G.M. had, for years, been sharing data about drivers’ mileage, braking, acceleration and speed with the insurance industry. The drivers were enrolled — some unknowingly, they said — in OnStar Smart Driver, a feature in G.M.’s internet-connected cars that collected data about how the car had been driven and promised feedback and digital badges for good driving.
Some drivers said their insurance rates had increased as a result of the captured data, which G.M. shared with two brokers, LexisNexis Risk Solutions and Verisk. The firms then sold the data to insurance companies.
Since Wednesday, “OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk,” a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. “Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies.”
Romeo Chicco, a Florida man whose insurance rates nearly doubled after his Cadillac collected his driving data, filed a complaint seeking class-action status against G.M., OnStar and LexisNexis this month.
An internal document, reviewed by The Times, showed that as of 2022, more than eight million vehicles were included in Smart Driver. An employee familiar with the program said the company’s annual revenue from Smart Driver was in the low millions of dollars.
Source: General Motors Quits Sharing Driving Behavior With Data Brokers – The New York Times
No mention of who it is now selling the data to.
The U.S. Department of Justice and 15 states on Thursday sued Apple (AAPL.O)
Google, Meta Platforms (META.O) and Amazon.com (AMZN.O)
and Epic argue Apple is still making it too hard to offer alternative app stores.
Source: Apple accused of monopolizing smartphone markets in US antitrust lawsuit | Reuters
Also: Apple Loses $113 Billion in Value After Regulators Close In | Bloomberg
Edina police believe that the suspects aren’t choosing houses at random – they’re researching carefully prior to burglarizing them. The suspects are stealing jewelry, safes, and high-end merchandise.
“It’s believed the burglars are not violent and tend to choose unoccupied houses,” the police’s report reads.
At the city safety meeting on January 31st, residents warned about the burglars using WiFi jammers to impact security systems, especially surveillance cameras.
Many home security devices connect directly to the WiFi network or a smart home hub using radio frequencies such as 2.4 GHz. Their signal strength is limited and is susceptible to interference.
Jammers can overpower signals from security devices by sending a “loud” noise in the same range of frequencies. For receivers, it’s then impossible to distinguish between the genuine signals and the disruptive noise generated by the jammers.
The use of jammers in the United States is banned by the Federal Communications Commission.
Source: Burglars using jammers to disable wireless smart home security | Cybernews
De-authing involves sending packets which disconnect devices from the network and is much easier than jamming.
Researchers based in Washington and Chicago have developed ArtPrompt, a new way to circumvent the safety measures built into large language models (LLMs). According to the research paper ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs, chatbots such as GPT-3.5, GPT-4, Gemini, Claude, and Llama2 can be induced to respond to queries they are designed to reject using ASCII art prompts generated by their ArtPrompt tool. It is a simple and effective attack, and the paper provides examples of the ArtPrompt-induced chatbots advising on how to build bombs and make counterfeit money.
[…]
To best understand ArtPrompt and how it works, it is probably simplest to check out the two examples provided by the research team behind the tool. In Figure 1 above, you can see that ArtPrompt easily sidesteps the protections of contemporary LLMs. The tool replaces the ‘safety word’ with an ASCII art representation of the word to form a new prompt. The LLM recognizes the ArtPrompt prompt output but sees no issue in responding, as the prompt doesn’t trigger any ethical or safety safeguards.
Another example provided in the research paper shows us how to successfully query an LLM about counterfeiting cash. Tricking a chatbot this way seems so basic, but the ArtPrompt developers assert how their tool fools today’s LLMs “effectively and efficiently.” Moreover, they claim it “outperforms all [other] attacks on average” and remains a practical, viable attack for multimodal language models for now.
[…]
[…] We present a comprehensive Taxonomical Ontology of Prompt Hacking techniques, which categorizes various methods used to manipulate Large Language Models (LLMs) through prompt hacking. This taxonomical ontology ranges from simple instructions and cognitive hacking to more complex techniques like context overflow, obfuscation, and code injection, offering a detailed insight into the diverse strategies used in prompt hacking attacks.
Figure 5: A Taxonomical Ontology of Prompt Hacking techniques. Black lines are hypernyms (i.e., typos are an instance of obfuscation), while grey arrows are meronyms (i.e., Special Case attacks usually contain a Simple Instruction). Purple nodes are not attacks themselves but can be a part of attacks. Red nodes are specific examples.
This dataset, comprising over 600,000 prompts, is split into two distinct collections: the Playground Dataset and the Submissions Dataset. The Playground Dataset provides a broad overview of the prompt hacking process through completely anonymous prompts tested on the interface, while the Submissions Dataset offers a more detailed insight with refined prompts submitted to the leaderboard, exhibiting a higher success rate of high-quality injections.
[…]
The table below contains success rates and total distribution of prompts for the two datasets.
Dataset | Total Prompts | Successful Prompts | Success Rate |
---|---|---|---|
Submissions | 41,596 | 34,641 | 83.2% |
Playground | 560,161 | 43,295 | 7.7% |
Table 2: With a much higher success rate, the Submissions Dataset contains a denser quantity of high quality injections. In contrast, Playground Dataset is much larger and demonstrates competitor exploration of the task.
Source: HackAPrompt
Italy’s newly-installed Piracy Shield system, put in place by the country’s national telecoms regulator, Autorità per le Garanzie nelle Comunicazioni (Authority for Communications Guarantees, AGCOM), is already failing in significant ways. One issue became evident in February, when the VPN provider AirVPN announced that it would no longer accept users resident in Italy because of the “burdensome” requirements of the new system. Shortly afterwards, TorrentFreak published a story about the system crashing under the weight of requests to block just a few hundred IP addresses. Since there are now around two billion copyright claims being made every year against YouTube material, it’s unlikely that Piracy Shield will be able to cope once takedown requests start ramping up, as they surely will.
That’s a future problem, but something that has already been encountered concerns one of the world’s largest and most important content delivery networks (CDN), Cloudflare. CDNs have a key function in the Internet’s ecology. They host and deliver digital material to users around the globe, using their large-scale infrastructure to provide this quickly and efficiently on behalf of Web site owners. Blocking CDN addresses is reckless: it risks affecting thousands or even millions of sites, and compromises some of the basic plumbing of the Internet. And yet according to a post on TorrentFreak, that is precisely what Piracy Shield has now done:
Around 16:13 on Saturday [24 February], an IP address within Cloudflare’s AS13335, which currently accounts for 42,243,794 domains according to IPInfo, was targeted for blocking [by Piracy Shield]. Ownership of IP address 188.114.97.7 can be linked to Cloudflare in a few seconds, and double checked in a few seconds more.
The service that rightsholders wanted to block was not the IP address’s sole user. There’s a significant chance of that being the case whenever Cloudflare IPs enter the equation; blocking this IP always risked taking out the target plus all other sites using it.
The TorrentFreak article lists a few of the evidently innocent sites that were indeed blocked by Piracy Shield, and notes:
Around five hours after the blockade was put in place, reports suggest that the order compelling ISPs to block Cloudflare simply vanished from the Piracy Shield system. Details are thin, but there is strong opinion that the deletion may represent a violation of the rules, if not the law.
That lack of transparency about what appears to be a major overblocking is part of a larger problem, which affects those who are wrongfully cut off. As TorrentFreak writes, AGCOM’s “rigorous complaint procedure” for Piracy Shield “effectively doesn’t exist”:
information about blocks that should be published to facilitate correction of blunders, is not being published, also in violation of the regulations.
That matters, because appeals against Piracy Shield’s blocks can only be made within five working days of their publication. As a result, the lack of information about erroneous blocks makes it almost impossible for those affected to appeal in time:
That raises the prospect of a blocked innocent third party having to a) proactively discover that their connectivity has been limited b) isolate the problem to Italy c) discover the existence of AGCOM d) learn Italian and e) find the blocking order relating to them.
No wonder, then, that:
some ISPs, having seen the mess, have decided to unblock some IP addresses without permission from those who initiated the mess, thus contravening the rules themselves.
In other words, not only is the Piracy Shield system wrongly blocking innocent sites, and making it hard for them to appeal against such blocks, but its inability to follow the law correctly is causing ISPs to ignore its rulings, rendering the system pointless.
This combination of incompetence and ineffectiveness brings to mind an earlier failed attempt to stop people sharing unauthorized copies. It’s still early days, but there are already indications that Italy’s Piracy Shield could well turn out to be a copyright fiasco on the same level as France’s Hadopi system, discussed in detail in Walled Culture the book (digital versions available free).
Source: Italy’s Piracy Shield Blocks Innocent Web Sites And Makes It Hard For Them To Appeal | Techdirt
[…] According to the authors of this new paper, published this month in The Lancet Neurology, there hasn’t yet been a full accounting of all the illnesses tied to our brain and nervous system, such as neurodevelopmental disorders. For this study, scientists looked at 37 unique conditions in total, including migraines, seizures, various forms of dementia, and more.
As of 2021, the study authors found, about 3.4 billion people (43% of the world’s population) are living with at least one of these neurological conditions. Compared to other broad groups of illness, such as infectious diseases, these conditions are estimated to be the leading cause of ill health and disability. This burden isn’t felt equally, however, with about 80% of neurological deaths and illnesses experienced in low- to middle-income countries. Some of the top 10 major contributors to the loss of healthy years include stroke, neonatal encephalopathy, migraine, dementia, and diabetic neuropathy (nerve damage caused by advanced diabetes).
[…]
Between 1990 and 2021, the study found, the rate of people living with or dying from neurological conditions has decreased, after adjusting for age—meaning that the chance of developing any one of these problems has shrunk over time. But since the global population has continued to grow, the absolute number of lost healthy years has increased 18% since then. And while the neurological harm caused by some conditions like stroke, rabies, and meningitis has decreased, the harm from others has increased, with cases of diabetic neuropathy having tripled over the past 30 years.
Though there has been some success in reducing or preventing important risk factors tied to neurological illness since 1990, such as greater vaccination coverage for certain diseases like tetanus, the authors say more can and should be done. Actions like reducing air pollution or preventing high blood pressure could substantially reduce the burden of stroke, for instance, while further eliminating lead exposure would prevent many cases of intellectual disability.
[…]
Source: Our Brains Are in Trouble: Nearly Half the World Living with Neurological Illness
Ethiopia’s biggest commercial bank is scrambling to recoup large sums of money withdrawn by customers after a “systems glitch”.
The customers discovered early on Saturday that they could take out more cash than they had in their accounts at the Commercial Bank of Ethiopia (CBE).
More than $40m (£31m) was withdrawn or transferred to other banks, local media reported.
It took several hours for the institution to freeze transactions.
Much of the money was withdrawn from state-owned CBE by students, bank president Abe Sano told journalists on Monday.
News of the glitch spread across universities largely via messaging apps and phone calls.
Long lines formed at campus ATMs, with a student in western Ethiopia telling BBC Amharic people were withdrawing money until police officers arrived on campus to stop them.
[…]
Ethiopia’s central bank, which serves as the financial sector’s governing body, released a statement on Sunday saying “a glitch” had occurred during “maintenance and inspection activities”.
The statement, however, focused on the interrupted service that occurred after CBE froze all transactions. It did not mention the money withdrawn by customers.
Mr Sano did not say exactly how much money was withdrawn during Saturday’s incident, but said the loss incurred was small when compared to the bank’s total assets.
He stated that CBE was not hit by a cyber-attack and that customers should not be worried as their personal accounts were intact.
At least three universities have released statements advising students to return any money not belonging to them that they may have taken from CBE.
Anyone returning money will not be charged with a criminal offence, Mr Sano said.
But it’s not clear how successful the bank’s attempts to recoup their money have been so far.
The student from Jimma University said on Monday he had not heard of anyone giving the money back, but said he had seen police vehicles on campus.
[…]
Source: Commercial Bank of Ethiopia glitch lets customers withdraw millions
They might want to add a new AI assistant developed by Google DeepMind to their arsenal. It can suggest tactics for soccer set-pieces that are even better than those created by professional club coaches.
The system, called TacticAI, works by analyzing a dataset of 7,176 corner kicks taken by players for Liverpool FC, one of the biggest soccer clubs in the world.
Corner kicks are awarded to an attacking team when the ball passes over the goal line after touching a player on the defending team. In a sport as free-flowing and unpredictable as soccer, corners—like free kicks and penalties—are rare instances in the game when teams can try out pre-planned plays.
TacticAI uses predictive and generative AI models to convert each corner kick scenario—such as a receiver successfully scoring a goal, or a rival defender intercepting the ball and returning it to their team—into a graph, and the data from each player into a node on the graph, before modeling the interactions between each node. The work was published in Nature Communications today.
Using this data, the model provides recommendations about where to position players during a corner to give them, for example, the best shot at scoring a goal, or the best combination of players to get up front. It can also try to predict the outcomes of a corner, including whether a shot will take place, or which player is most likely to touch the ball first.
[…]
To assess TacticAI’s suggestions, Google DeepMind presented them to five football experts: three data scientists, one video analyst, and one coaching assistant, all of whom work at Liverpool FC. Not only did these experts struggle to distinguish TacticAI’s suggestions from real game play scenarios, they also favored the system’s strategies over existing tactics 90% of the time.
[…]
TacticAI’s powers of prediction aren’t just limited to corner kicks either—the same method could be easily applied to other set pieces, general play throughout a match, or even other sports entirely, such as American football, hockey, or basketball,
[…]
VPN demand in Texas skyrocketed by 234.8% on March 15, 2024, after state authorities enacted a law requiring adult sites to verify users’ ages before granting them access to the websites’ content.
Texas’ age verification law was passed in June 2023 and was set to take effect in September of the same year. However, a day before its implementation, a US district judge temporarily blocked enforcement after a lawsuit filed by the Free Speech Coalition (FSC) deemed the policy unconstitutional per the First Amendment.
On March 14, 2024, the US Court of Appeals for the 5th Circuit decreed that Texas could proceed with the law’s enactment.
As a sign of protest, Pornhub, the most visited adult site in the US, blocked IP addresses from Texas — the eighth state to suffer such a ban after their respective governments enforced similar restrictions on adult sites.
[…]
Following the law’s enactment, users in Texas seem to be scrambling for means to access the affected adult sites. vpnMentor’s research team analyzed user demand data and found a 234.8% increase in VPN demand in the state.
The graph below shows the VPN demand in Texas from March 1 to March 16.
Pornhub has previously blocked IP addresses from Louisiana, Mississippi, Arkansas, Utah, Virginia, North Carolina, and Montana — all of which have enforced age-verification laws that the adult site deemed unjust.
In May 2023, Pornhub’s banning of Utah-based users caused a 967% spike in VPN demand in the state. That same year, the passing of adult-site-related age restriction laws in Louisiana and Mississippi led to a 200% and 72% surge in VPN interest, respectively.
Source: VPN Demand Surges Post Adult Site Restriction on Texas-Based Users
In this article we’ll investigate what makes airplanes fly by looking at the forces generated by the flow of air around the aircraft’s wings. More specifically, we’ll focus on the cross section of those wings to reveal the shape of an airfoil – you can see it presented in yellow below:
We’ll find out how the shape and the orientation of the airfoil helps airplanes remain airborne. We’ll also learn about the behavior and properties of air and other flowing matter.
Source: Airfoil – Bartosz Ciechanowski
The article goes very deeply into how air flow works and is modelled, how velocity and pressure affect vectors, the shape of an airfoil, the boundary layer and the angle of attack. It requires a bit of scrolling before you get to the planes, but it’s mesmerising to play with the sliders.
Described in a research paper titled “VLOGGER: Multimodal Diffusion for Embodied Avatar Synthesis,” the AI model can take a photo of a person and an audio clip as input, and then output a video that matches the audio, showing the person speaking the words and making corresponding facial expressions, head movements and hand gestures. The videos are not perfect, with some artifacts, but represent a significant leap in the ability to animate still images.
The researchers, led by Enric Corona at Google Research, leveraged a type of machine learning model called diffusion models to achieve the novel result. Diffusion models have recently shown remarkable performance at generating highly realistic images from text descriptions. By extending them into the video domain and training on a vast new dataset, the team was able to create an AI system that can bring photos to life in a highly convincing way.
“In contrast to previous work, our method does not require training for each person, does not rely on face detection and cropping, generates the complete image (not just the face or the lips), and considers a broad spectrum of scenarios (e.g. visible torso or diverse subject identities) that are critical to correctly synthesize humans who communicate,” the authors wrote.
A key enabler was the curation of a huge new dataset called MENTOR containing over 800,000 diverse identities and 2,200 hours of video — an order of magnitude larger than what was previously available. This allowed VLOGGER to learn to generate videos of people with varied ethnicities, ages, clothing, poses and surroundings without bias.
The paper demonstrates VLOGGER’s ability to automatically dub videos into other languages by simply swapping out the audio track, to seamlessly edit and fill in missing frames in a video, and to create full videos of a person from a single photo.
[…] One could imagine actors being able to license detailed 3D models of themselves that could be used to generate new performances. The technology could also be used to create photorealistic avatars for virtual reality and gaming. And it might enable the creation of AI-powered virtual assistants and chatbots that are more engaging and expressive.[…] the technology also has the potential for misuse, for example in creating deepfakes — synthetic media in which a person in a video is replaced with someone else’s likeness. As these AI-generated videos become more realistic and easier to create, it could exacerbate the challenges around misinformation and digital fakery.
[…]
Source: Google researchers unveil ‘VLOGGER’, an AI that can bring still photos to life | VentureBeat
The Apex Legends Global Series is currently in regional finals mode, but the North America finals have been delayed after two players were hacked mid-match. First, Noyan “Genburten” Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip “ImperialHal” Dosen of TSM was given an aimbot.
Genburten’s hack happened part of the way through the day’s third match. A Twitch clip of the moment shows the words “Apex hacking global series by Destroyer2009 & R4ndom” repeating over chat as he realizes he’s been given a cheat and takes his hands off the controls. “I can see everyone!” he says, before leaving the match.
ImperialHal was hacked in the game immediately after that. “I have aimbot right now!” he shouts in a clip of the moment, before declaring “I can’t shoot.” Though he continued attempting to play out the round, the match was later abandoned.
The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, “There is currently an RCE exploit being abused in [Apex Legends]” and that it could be delivered via the game itself, or its anti-cheat protection. “I would advise against playing any games protected by EAC or any EA titles”, they went on to say.
As for players of the tournament, they strongly recommended taking protective measures. “It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet”, they said, “perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage.”
[…] Stonebraker says that the spark for the idea for DBOS, which is short for database operating system, came when he was listening to a talk by Zaharia, who among other things was the creator of the Spark in-memory database while at the AMPLab at the University of California Berkeley and the co-founder and chief technology officer of Databricks, which has commercialized Spark.
“This talk was at Stanford three and a half years ago,” Stonebraker tells The Next Platform. “And Matei said that Databricks was routinely orchestrating a million Spark subtasks on sizeable clouds and that Databricks had to keep track of scheduling a million things. He said that this can’t be done with traditional operating system scheduling, and so this was done out of a Postgres database. And then he started to whine that Postgres was too slow, and I told him we can do better than that.”
[…]
And rather than fight about it, Stonebraker and Zaharia teamed up to create an operating system based on a database rather than a database bolt on for an operating system.
[…]
Stonebraker and Zaharia played around with ideas, and built a prototype operating system on VoltDB to prove it would work; then they founded a company to commercialize the idea in April 2023 and secured $8.5 million initial seed funding to start building the real DBOS. Engine Ventures and Construct Capital led the funding, along with Sinewave and GutBrain Ventures.
[…]
“The state that the operating system has to keep track of – memory, files, messages, and so on – is approximately linear to the resources you have got,” says Stonebraker. “So without me saying another word, keeping track of operating system state is a database problem not addressed by current operating system schedulers. Moreover, OLTP database performance has gone up dramatically, and that is why we thought instead of running the database system in user space on top of the operating system, why don’t we invert our thinking 180 degrees and run the operating system on top of the database, with all of the operating services coded in SQL?”
[…]
FoundationDB is a blazingly fast NoSQL database, which means that it does support the ACID properties of a relational database but which does not offer full SQL compliance. (Stonebraker tells us that DBOS eventually will do that, which seems to imply the underlying database engine will change.) Right now, DBOS has been tested running across 1,000 cores running applications coded in TypeScript, but Stonebraker says there is no reason to believe that DBOS can’t scale across 1 million cores or more and support Java, Python, and other application languages as they are needed by customers.
[…]
Thanks to the distributed database underpinnings of its kernel, it can do things that a Linux kernel just cannot do. And it can do all of these things without a full Linux OS and without Kubernetes containing things, and without having to bolt Postgres onto the side of the database middleware.
One is to provide reliable execution, which means that if a program running atop DBOS is ever interrupted, it starts where it left off and does not have to redo its work from some arbitrary earlier point and does not crash and have to start from the beginning. And because every little bit of the state of the operating system – and therefore the applications that run atop it – is preserved, you can go backwards in time in the system and restart the operating system if it experiences some sort of anomaly, such as a bad piece of application software running or a hack attack. You can use this “time travel” feature, as Stonebraker calls it, to reproduce what are called heisenbugs – ones that are very hard to reproduce precisely because there is no shared state in the distributed Linux and Kubernetes environment and that are increasingly prevalent in a world of microservices.
[…]
One last thing. We know of operating systems that had an intimate relationship with a database, but this twist is actually a new one in that the operating system kernel/scheduler is itself largely a database and services are created in database languages.
For example, IBM’s System/38 and AS/400 minicomputers had a relational database at the heart of the operating system and in fact the database was the only file system allowed on these machines from 1978 through 1996, at which time IBM pulled the database out of the operating system and added in the OS/2 Parallel File System to give a POSIX-compliant, ASCII formatted file system for the AS/400. (Which is known today as the IBM i proprietary operating system.) The Pick operating system similarly had an integrated database, too. And of course, the “Longhorn” version of Windows Server 2008 was supposed to have the WinFS file system, which was based on a relational database, embedded in it, but that effort was spiked a decade and a half ago.
Which brings us to that one last thing: There is no reason why DBOS cannot complete the circle and not only have a database as an operating system kernel, but also have a relational database as the file system for applications.
Source: The Cloud Outgrows Linux, And Sparks A New Operating System
]]>After a 523-46 voting result, with 49 abstentions, the act heads down a lengthy and complex implementation path. An AI Office that will guide the process under the Commission’s wing has already started hiring.
The Act sets out a tiered approach to regulation based on how risky applications of the technology are deemed and sets different deadlines for implementing the various requirements.
Some uses of AI, such as algorithm-based social scoring, will be prohibited by the end of 2024. Other uses, such as critical infrastructure, are deemed high-risk and will face stricter rules. Under the current timeline, full implementation will come in 2026.
[…]
Many compromises had to be made, which was evident in today’s press conference in advance of the vote. “We are regulating as little as possible — but as much as needed!” said Thierry Breton, the Commissioner for Internal Market.
The use of real-time biometric identification was also a key part of the negotiations. “If you remember the original position of the European Parliament on this topic of the biometric cameras, it was a complete ban. But we are in a legislative process where negotiations need to be done,” said Brando Benifei, an Italian Member of the E.U. Parliament who acted as co-rapporteur on the file, at a press conference today (13 March).
At the same time, an AI Convention to protect human rights, democracy and the rule of law is currently negotiated in Strasbourg at the Council of Europe, a human rights body.
Source: Europe’s landmark AI Act passes Parliament vote – Euractiv
This is a good thing and you can see the world is looking at the EU to see what they are doing. India has adopted a broadly similar approach and China’s AI regulations are closely aligned, as are proposed US regulations. The risk taking approach is a good one and the EU is building organisations to back up the bite in this act.
]]>On Wednesday, WBZ News reported its investigations team receiving dog breed results from the company DNA My Dog after one of its reporters sent in a swab sample – from her own cheek.
According to the results from the Toronto-based company, WBZ News reporter Christina Hager is 40% Alaskan malamute, 35% shar-pei and 25% labrador.
Hager also sent her samples to two other pet genetic testing companies. The Melbourne, Australia- and Florida-based company Orivet reported that the sample “failed to provide the data necessary to perform the breed ID analysis”. Meanwhile, Washington-based company Wisdom Panel said that the sample “didn’t provide … enough DNA to produce a reliable result”.
WBZ News’ latest report comes after its investigations team sent in a sample from New Hampshire pet owner Michelle Leininger’s own cheek to DNA My Dog last year. In turn, the results declared Leininger 40% border collie, 32% cane corso and 28% bulldog.
[…]
Speaking to WBZ News last year following Leininger’s results, Lisa Moses, a Harvard Medical School veterinarian and bioethicist said: “I think that is a red flag for sure … A company should know if they’ve in any basic way analyzed a dog’s DNA, that that is not a dog.”
[…]
Source: Pet DNA testing company in doghouse after identifying human as canine | Dogs | The Guardian
]]>Pornhub has disabled its site in Texas to object to a state law that requires the company to verify the age of users to prevent minors from accessing the site.
Texas residents who visit the site are met with a message from the company that criticizes the state’s elected officials who are requiring them to track the age of users.
The company said the newly passed law impinges on “the rights of adults to access protected speech” and fails to pass strict scrutiny by “employing the least effective and yet also most restrictive means of accomplishing Texas’s stated purpose of allegedly protecting minors.”
Pornhub said safety and compliance are “at the forefront” of the company’s mission, but having users provide identification every time they want to access the site is “not an effective solution for protecting users online.” The adult content website argues the restrictions instead will put minors and users’ privacy at risk.
[…]
The announcement from Pornhub follows the news that Texas Attorney General Ken Paxton (R) was suing Aylo, the pornography giant that owns Pornhub, for not following the newly enacted age verification law.
Paxton’s lawsuit is looking to have Aylo pay up to $1,600,000, from mid-September of last year to the date of the filing of the lawsuit and an additional $10,000 each day since filing.
[…]
Paxton released a statement on March 8, calling the ruling an “important victory.” The court ruled that the age verification requirement does not violate the First Amendment, Paxton said, saying he won in the fight against Pornhub and other pornography companies.
The state Legislature passed the age verification law last year, requiring companies that distribute sexual material that could be harmful to minors to confirm users to the platform are older than 18 years. The law asks users to provide government-issued identification or public or private data to verify they are of age to access the site.
Source: Pornhub disables website in Texas after AG sues for not verifying users’ ages | The Hill
Age verification is not only easily bypassed, but also extremely sensitive due to the nature of the documents you need to upload to the verification agency. Big centralised databases get hacked all the time and this one would be a massive target, also leaving people in it potentially open to blackmail, as they would be linked to a porn site – which for some reason Americans find problematic.
]]>A shipping vessel left China for Brazil while sporting some new improvements last August—a pair of 123-feet-tall, solid “wings” retrofitted atop its deck to harness wind power for propulsion assistance. But after its six-week maiden voyage testing the green energy tech, the Pyxis Ocean MC Shipping Kamsarmax vessel apparently had many more trips ahead of it. Six months later, its owners at the shipping company, Cargill, shared the results of those journeys this week—and it sounds like the vertical WindWing sails could offer a promising way to reduce existing vessels’ emissions.
Using the wind force captured by its two giant, controllable sails to boost its speed, Pyxis Ocean reportedly saved an average of 3.3 tons of fuel each day. And in optimal weather conditions, its trips through portions of the Indian, Pacific, and Atlantic Oceans reduced fuel consumption by over 12 tons a day. According to Cargill’s math, that’s an average of 14 percent less greenhouse gas emissions from the ship. On its best days, Pyxis Ocean could cut that down by 37 percent. In all, the WindWing’s average performance fell within 10 percent of its designers’ computational fluid dynamics simulation predictions.
[Related: A cargo ship with 123-foot ‘WindWing’ sails has just departed on its maiden voyage.]
In total, an equally sized ship outfitted with two WindWings could annually save the same amount of emissions as removing 480 cars from roads—but that could even be a relatively conservative estimate, according to WindWing’s makers at BAR Technologies.
“[W]hile the Pyxis Ocean has two WindWings, we anticipate the majority of Kamsarmax vessels will carry three wings, further increasing the fuel savings and emissions reductions by a factor of 1.5,” BAR Technologies CEO John Cooper said in a statement on Tuesday.
[…]
Source: A cargo ship’s ‘WindWing’ sails saved it up to 12 tons of fuel per day | Popular Science
]]>Microsoft has been pushing Bing pop-up ads in Chrome on Windows 10 and 11. Windows Latest and The Verge reported on Friday that the ad encourages Chrome users (in bold lettering) to use Bing instead of Google search. “Chat with GPT-4 for free on Chrome! Get hundreds of daily chat turns with Bing AI”, the ad reads. If you click “Yes,” the pop-up will install the “Bing Search” Chrome extension while making Microsoft’s search engine the default.
If you click “Yes” on the ad to switch to Bing, a Chrome pop-up will appear, asking you to confirm that you want to change the browser’s default search engine. “Did you mean to change your search provider?” the pop-up asks. “The ‘Microsoft Bing Search for Chrome’ extension changed search to use bing.com,” Chrome’s warning states.
Directly beneath that alert, seemingly in anticipation of Chrome’s pop-up, another Windows notification warns, “Wait — don’t change it back! If you do, you’ll turn off Microsoft Bing Search for Chrome and lose access to Bing AI with GPT-4 and DALL-E 3. Select Keep it to stay with Microsoft Bing.”
Essentially, users are caught in a war of pop-ups between one company trying to pressure you into using its AI assistant / search engine and another trying to keep you on its default (which you probably wanted if you installed Chrome in the first place). Big Tech’s battles for AI and search supremacy are turning into obnoxious virtual shouting matches in front of users’ eyeballs as they try to browse the web.
There doesn’t appear to be an easy way to prevent the ad from appearing.
[…]
Source: Microsoft is once again asking Chrome users to try Bing through unblockable pop-ups
And just when you’d thought you’d lived through the first browser wars, there’s this and Apple’s browser tantrums as well! (Apple stamps feet but now to let EU developers distribute apps from the web, Apple reverses hissy fit decision to remove Home Screen web apps in EU, Shameless Insult, Malicious Compliance, Junk Fees, Extortion Regime: Industry Reacts To Apple’s Proposed Changes Over Digital Markets Act, Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox)
]]>Epic Games has already accused Apple of “malicious compliance” with the EU’s new competition laws, and now it’s making the same allegation stateside. In a new legal filing, it accused Apple of non-compliance with a 2021 ruling that allowed developers to bypass Apple’s 30 percent cut of in-app payments and is asking the court to enforce the original injunction.
Once the Supreme Court declined to hear an appeal of the ruling, Apple released revised guidelines, forcing developers to apply for an “entitlement,” while still offering the option to purchase through Apple’s own billing system. Moreover, Apple still charged a 27 percent commission on any sales made through links to external payment systems (or 12 percent for participants in the iOS Small Business Program).
Epic argued that those fees are “essentially the same” as what it charges using its own in-app payment (IAP) system. To that end, it accused the company of failing to comply with the order, with the fees making the links “commercially unusable.”
It also said that Apple requires a “plain button style” for external links that’s “not a button at all” and violates the injunction forcing Apple to remove restrictions on “steering” users to alternative payment “buttons, external links or other calls to action.” It added that Apple violated the injunction in a third way by prohibiting multi-platform apps like Minecraft from showing external payment links. Epic included statements from other developers including Paddle and Down Dog.
“Apple’s goal is clear: to prevent purchasing alternatives from constraining the supracompetitive fees it collects on purchases of digital goods and services,” the document reads. “Apple’s so-called compliance is a sham. Epic therefore seeks an order (i) finding Apple in civil contempt, (ii) requiring Apple to promptly bring its policies into compliance with the Injunction and (iii) requiring Apple to remove all anti-steering provisions in Guideline 3.1.3.”
[…]
Source: Epic accuses Apple of flouting court order by charging for external links on iOS apps
Evil empire indeed! Those 1984 adverts are becoming reality.
]]>From the very early days of the pandemic, brain fog emerged as a significant health condition that many experience after COVID-19.
Brain fog is a colloquial term that describes a state of mental sluggishness or lack of clarity and haziness that makes it difficult to concentrate, remember things and think clearly.
Fast-forward four years and there is now abundant evidence that being infected with SARS-CoV-2 – the virus that causes COVID-19 – can affect brain health in many ways.
In addition to brain fog, COVID-19 can lead to an array of problems, including headaches, seizure disorders, strokes, sleep problems, and tingling and paralysis of the nerves, as well as several mental health disorders.
A large and growing body of evidence amassed throughout the pandemic details the many ways that COVID-19 leaves an indelible mark on the brain. But the specific pathways by which the virus does so are still being elucidated, and curative treatments are nonexistent.
Now, two new studies published in the New England Journal of Medicine shed further light on the profound toll of COVID-19 on cognitive health.
[…]
Most recently, a new study published in the New England Journal of Medicine assessed cognitive abilities such as memory, planning and spatial reasoning in nearly 113,000 people who had previously had COVID-19. The researchers found that those who had been infected had significant deficits in memory and executive task performance.
[…]
In the same study, those who had mild and resolved COVID-19 showed cognitive decline equivalent to a three-point loss of IQ. In comparison, those with unresolved persistent symptoms, such as people with persistent shortness of breath or fatigue, had a six-point loss in IQ. Those who had been admitted to the intensive care unit for COVID-19 had a nine-point loss in IQ. Reinfection with the virus contributed an additional two-point loss in IQ, as compared with no reinfection.
[…]
Another study in the same issue of the New England Journal of Medicine involved more than 100,000 Norwegians between March 2020 and April 2023. It documented worse memory function at several time points up to 36 months following a positive SARS-CoV-2 test.
Taken together, these studies show that COVID-19 poses a serious risk to brain health, even in mild cases, and the effects are now being revealed at the population level.
A recent analysis of the U.S. Current Population Survey showed that after the start of the COVID-19 pandemic, an additional one million working-age Americans reported having “serious difficulty” remembering, concentrating or making decisions than at any time in the preceding 15 years. Most disconcertingly, this was mostly driven by younger adults between the ages of 18 to 44.
Data from the European Union shows a similar trend – in 2022, 15 percent of people in the EU reported memory and concentration issues.
[…]
]]>