SoylentNews

ChatGPT writes:

Malware turns home routers into proxies for Chinese state-sponsored hackers

Researchers have uncovered malicious firmware that can turn residential and small office routers into proxies for Chinese state-sponsored hackers. The firmware implant, discovered by Check Point Research, includes a full-featured backdoor that allows attackers to establish communication, issue commands, and perform file transfers with infected devices. The implant was found in TP-Link routers but could be modified to work on other router models.

The malware's main purpose is to relay traffic between infected targets and command-and-control servers, obscuring the origins and destinations of the communication. The control infrastructure was traced back to hackers associated with the Chinese government. By using a chain of infected devices, the attackers can hide the final command and control and make it difficult for defenders to detect and respond to the attack.

This technique of using routers and other IoT devices as proxies is a common tactic among threat actors. The researchers are unsure how the implant is installed on devices but suspect it could be through exploiting vulnerabilities or weak administrative credentials.

While the firmware image discovered so far only affects TP-Link devices, the modular design allows the threat actors to create images for a wider range of hardware. The article concludes with recommendations for users to check for potential infections and apply proactive mitigations such as patching routers and using strong passwords.

Original Submission

hubie writes:

Study examines how three decades of U.S. policies define junk food for taxation and other regulations:

How is "junk food" defined for food policies like taxes? A combination of food category, processing, and nutrients can determine which foods should be subject to health-related policies, according to a new analysis examining three decades of U.S. food policies by researchers at the NYU School of Global Public Health and the Friedman School of Nutrition Science and Policy at Tufts.

[...] "There is a growing recognition that an unhealthy diet stems from overconsumption of what we colloquially refer to as 'junk food,' " said Jennifer Pomeranz, assistant professor of public health policy and management at NYU School of Global Public Health and the first author of the study, published in the journal Milbank Quarterly. "However, public health efforts to address junk food are hindered by a lack of a uniform method to define junk food for policy purposes."

One policy example where a definition for junk food is needed is a junk food tax, which raises the price of such products to reduce consumption and generate revenue for other programs to improve the nutrition and health of communities in need. Previous research by NYU and Tufts shows that taxes on junk food are administratively and legally feasible.

[...] They identified and analyzed 47 laws and bills from 1991 through 2021, including one active junk food tax law implemented by the Navajo Nation, three state snack food sales taxes that were later repealed, and numerous junk food tax bills that have not been enacted. (Their analysis did not include policies that solely focused on beverages such as soda taxes.)

[...] The researchers were surprised that no state tax laws or bills directed the state's public health department to define the foods subject to the tax, a practice regularly used at the federal level and a mechanism that states could use to have experts define the foods to be taxed.

upstart writes:

Researchers are debating how the new domains will affect web security and users' habits:

In Google's own words, new generic top-level domains (gTLDs) can help self-expression, creativity and business. The previously approved list of "hundreds" of gTLDs entries now provides some troublesome additions such as "zip" and "mov," which can (and will) be abused to target users with sophisticated phishing attacks.

Google Registry has recently introduced 8 new top-level domains for "dads, grads, and techies," adding .dad, .phd, .prof, .esq, .foo, .nexus, .zip, and .mov to its growing list of some of the "most popular" gTLDs which also include .app and .dev. The .zip and .mov domains, however, have sparked a debate among experts about their potential consequences on internet and web overall security.

The zip and mov gTLDs were available in IANA's DNS records since 2014, but they have now become generally available thanks to Google's involvement. Now, anyone can purchase a ".zip" or ".mov" domain like "techspot.zip," even though the two suffixes have long been used to identify compressed file archives in Zip format and video clip files.

The overlap between two, extremely popular file formats – the Zip standard was created by Pkware in 1989, 34 years ago – and the recently registered web domains will bring new security threats to the internet ecosystem, some researchers said. Users could be deceived by malicious URLs shared on social networks or by mail, giving cyber-criminals new, "creative" tools to push malware installations, phishing campaigns or other nefarious activities.

upstart writes:

Alphabet and Meta are just a couple of the big names paying a startup to produce bio-oil as a way to trap CO2:

Some of the biggest names in tech have inked a deal to turn corn stalks and tree trimmings into a barbecue sauce ingredient and then pump the stuff underground to try to fight climate change.

That sounds wild, so let's break it down from the start. Alphabet, Meta, Stripe, Shopify, and McKinsey Sustainability launched a new climate initiative called Frontier about a year ago. The goal is to boost new technologies capable of sucking carbon dioxide out of the atmosphere by convincing other companies to buy into them.

Today, a San Francisco-based climate tech startup called Charm Industrial announced that Frontier's founding members and a smattering of other companies have agreed to pay Charm a total of $53 million to capture and store 112,000 tons of carbon dioxide between 2024 and 2030.

Some of the biggest names in tech have inked a deal to turn corn stalks and tree trimmings into a barbecue sauce ingredient

Charm has an unconventional way of getting that done. First, it collects agricultural and forestry waste — i.e., discarded corn stalks or branches leftover from logging. Wherever it finds that stuff, it sends its fleet of flatbed semi trucks hauling reactors that heat up the waste to 500 degrees Celsius without burning it. That turns the waste into bio-oil, a tarry-looking carbon-rich liquid.

The watery part of the bio-oil is essentially the same thing as liquid smoke, an ingredient used to give barbecue sauce and other foods a smokey flavor, according to Charm CEO and co-founder Peter Reinhardt.

Bio-oil also holds the carbon dioxide that the plants or trees its made from absorbed for photosynthesis. Had those corn stalks or tree branches been disposed of by burning or simply left to rot, that CO2 would have escaped again — heating the planet along with all the other emissions that come from burning fossil fuels.

owl writes:

http://www.righto.com/2023/05/8086-processor-group-decode-rom.html

A key component of any processor is instruction decoding: analyzing a numeric opcode and figuring out what actions need to be taken. The Intel 8086 processor (1978) has a complex instruction set, making instruction decoding a challenge. The first step in decoding an 8086 instruction is something called the Group Decode ROM, which categorizes instructions into about 35 types that control how the instruction is decoded and executed. For instance, the Group Decode ROM determines if an instruction is executed in hardware or in microcode. It also indicates how the instruction is structured: if the instruction has a bit specifying a byte or word operation, if the instruction has a byte that specifies the addressing mode, and so forth.

Original Submission

hubie writes:

Researchers Design Tool to Enhance Workplace Socialization in Remote, Hybrid Arrangements:

About one-third of our lives are spent at work, and the relationships we build there can have personal and professional benefits. But a majority of workers indicate difficulty connecting with co-workers socially, especially in the new landscape of remote and hybrid work arrangements.

To ease the friction caused by reduced in-person interaction, a team of researchers from Carnegie Mellon University's Human-Computer Interaction Institute created a Slack application that helps to initiate casual conversations and create affinity groups in an online workspace.

"We were freshly out of the pandemic, and we realized that everyone around us was complaining about how it's hard to build genuine connections," said Shreya Bali, the project's principal investigator who earned her master's degree from CMU's School of Computer Science in 2022. "Online modes of communication do provide us with the technical tools to make connections, but there is still a lot of hesitation to actually initiate such conversations when you are not in the same room as someone."

The team's new application, called Nooks, offers users a low-risk way to start new conversations in three phases: creation, incubation and activation. It starts with someone anonymously submitting a topic of interest. Then, the topic is incubated while the system presents it to other Slack users, allowing them to indicate if they are interested in the same topic. Once the incubation period is over, a private channel — or "nook" — is activated for this newly identified affinity group.

upstart writes:

Chinese Chip Industry to Focus on Perfecting Mature Nodes: Report:

Severe constraints on the development of the Chinese chip industry caused by strict export control rules that block People's Republic chipmakers from obtaining advanced wafer fab equipment (WFE) has triggered local specialists to rethink the nation's semiconductor strategy. While it is obvious that China will have to replace tools made abroad to make leading-edge chips in the long term, for now the country's chipmakers will have to focus on perfecting their mature nodes to stay competitive, reports DigiTimes.

Meanwhile, between 2022 and 2026, Jiwei Research estimates there will be 25 new 300-mm fabs in China, with a total capacity of over 1.6 million wafer starts per month. This could significantly increase China's chip production capacity, which will increase China's total 300-mm capacity to 2.76 million WSPM by 2026.

Without access to advanced equipment, all of these fabs will have to focus on 20nm – 90nm-class technologies, but it will better be able to rely on domestic suppliers. Consequently, companies within the Chinese semiconductor supply chain, spanning from raw materials, machinery, and electronic design automation (EDA), are reportedly shifting their growth strategies, prioritizing mature processes over advanced ones. For instance, Naura has declared that it will prioritize shipments of tools for trailing processes utilized by Chinese chipmakers.

Furthermore, a provider of photoresist materials has disclosed that the current industry emphasis is on mature processes, in the hope of spurring significant advancements in mature wafer production techniques. As of now, the development of cutting-edge processes is not at the forefront of Tianxia's semiconductor industry's agenda.

Freeman writes:

https://arstechnica.com/information-technology/2023/05/anthropics-claude-ai-can-now-digest-an-entire-book-like-the-great-gatsby-in-seconds/

On Thursday, AI company Anthropic announced it has given its ChatGPT-like Claude AI language model the ability to analyze an entire book's worth of material in under a minute. This new ability comes from expanding Claude's context window to 100,000 tokens, or about 75,000 words.

Like OpenAI's GPT-4, Claude is a large language model (LLM) that works by predicting the next token in a sequence when given a certain input. Tokens are fragments of words used to simplify AI data processing, and a "context window" is similar to short-term memory—how much human-provided input data an LLM can process at once.
[...]
While it may not sound impressive to pick out changes in a text (Microsoft Word can do that, but only if it has two documents to compare), consider that after feeding Claude the text of The Great Gatsby, the AI model can then interactively answer questions about it or analyze its meaning. 100,000 tokens is a big upgrade for LLMs. By comparison, OpenAI's GPT-4 LLM boasts context window lengths of 4,096 tokens (about 3,000 words) when used as part of ChatGPT and 8,192 or 32,768 tokens via the GPT-4 API (which is currently only available via waitlist).
[...]
Notably, Anthropic received a $300 million investment from Google in late 2022, with Google acquiring a 10 percent stake in the firm.

Anthropic says that 100K context windows are available now for users of the Claude API, which is currently restricted by a waitlist.

Original Submission

fliptop writes:

Microsoft cofounder Bill Gates says he's "scared" about artificial intelligence falling into the wrong hands, but unlike some fellow experts who have called for a pause on advanced A.I. development, he argues that the technology may already be on a runaway train:

The latest advancements in A.I. are revolutionary, Gates said in an interview with ABC published Monday, but the technology comes with many uncertainties. U.S. regulators are failing to stay up to speed, he said, and with research into human-level artificial intelligence advancing fast, over 1,000 technologists and computer scientists including Twitter and Tesla CEO Elon Musk signed an open letter in March calling for a six-month pause on advanced A.I. development until "robust A.I. governance systems" are in place.

But for Gates, A.I. isn't the type of technology you can just hit the pause button on.

"If you just pause the good guys and you don't pause everyone else, you're probably hurting yourself," he told ABC, adding that it is critical for the "good guys" to develop more powerful A.I. systems.

[...] "We're all scared that a bad guy could grab it. Let's say the bad guys get ahead of the good guys, then something like cyber attacks could be driven by an A.I.," Gates said.

The competitive nature of A.I. development means that a moratorium on new research is unlikely to succeed, he argued.

Originally spotted on The Eponymous Pickle.

Previously: Fearing "Loss of Control," AI Critics Call for 6-Month Pause in AI Development

Related: AI Weapons Among Non-State Actors May be Impossible to Stop

Original Submission

upstart writes:

Hammerhead sharks found to hold their breath on deep water hunts to stay warm:

Scalloped hammerhead sharks hold their breath to keep their bodies warm during deep dives into cold water where they hunt prey such as deep sea squids. This discovery, published in Science by University of Hawai'i at Mānoa researchers, provides important new insights into the physiology and ecology of a species that serves as an important link between the deep and shallow water habitats.

"This was a complete surprise," said Mark Royer, lead author and researcher with the Shark Research Group at the Hawai'i Institute of Marine Biology (HIMB) in the UH Mānoa School of Ocean and Earth Science and Technology. "It was unexpected for sharks to hold their breath to hunt like a diving marine mammal. It is an extraordinary behavior from an incredible animal."

Shark gills are natural radiators that would rapidly cool the blood, muscles, and organs if scalloped hammerhead sharks did not close their gill slits during deep dives into cold water. These sharks are warm water animals but feed at depths where seawater temperatures are similar to those found in Kodiak Alaska (around 5ºC/ 40ºF), yet they need to keep their bodies warm in order to hunt effectively.

"Although it is obvious that air-breathing marine mammals hold their breath while diving, we did not expect to see sharks exhibiting similar behavior," said Royer. "This previously unobserved behavior reveals that scalloped hammerhead sharks have feeding strategies that are broadly similar to those of some marine mammals, like pilot whales. Both have evolved to exploit deep dwelling prey and do so by holding their breath to access these physically challenging environments for short periods."

"ChatGPT" writes:

Sponges are more closely related to us than some animals with a nervous system:

A recent study challenges the idea that evolution always leads to increased complexity in animals. By analyzing gene arrangements on chromosomes, researchers sought to understand the evolutionary relationships between species.

The study found that sponges, which lack muscles and a nervous system, are more closely related to humans than comb jellies, which possess both traits. This contradicts the assumption that complexity determines evolutionary proximity. The research suggests two potential explanations: either sponges and other simple animals lost nerves and muscles over time, simplifying their body plans, or nerves and muscles evolved independently in different lineages.

Further investigation, such as studying the nerve and muscle cells of comb jellies in a lab, is needed to differentiate between these possibilities. The study underscores the complexity of animal evolution and challenges existing notions of evolutionary relationships based on traits and complexity.

Journal Reference:
Schultz, Darrin T., Haddock, Steven H. D., Bredeson, Jessen V., et al. Ancient gene linkages support ctenophores as sister to other animals [open], Nature (DOI: 10.1038/s41586-023-05936-6)

Original Submission

Original Submission

upstart writes:

EU Commission Asks EU Council Lawyers If Compelled Client-Side Scanning Is Legal, Gets Told It Isn't:

Lots of ideas have been floated by legislators and others in hopes of limiting the distribution of child sexual abuse material (CSAM). Very few of these ideas have been good. Most have assumed that the problem is so horrendous any efforts are justified. The problem here is that governments need to actually justify mandated mass privacy invasions, which is something that they almost always can't do.

It's even a fraught issue in the private sector. Apple briefly proposed engaging in client-side scanning of users' devices to detect CSAM and prevent its distribution. This effort was put on hold when pretty much everyone objected to Apple's proposal, stating the obvious problems it would create — a list that included undermining the security and privacy protections Apple has long used as evidence of its superiority over competing products and their manufacturers.

Not that legislators appear to care. The EU Commission continues to move forward with "for the children" client-side scanning mandate, despite the multitude of problems this mandate would create. Last year, the proposal was ripped to shreds by the EU Data Protection Board and its supervisor in a report that explained the mandate would result in plenty of privacy invasion and data privacy law violations that simply could not be excused by the Commission's desire to limit the spread of CSAM.

[...] So, the proposal continues to move forward, ignoring pretty much every rational person's objections and the German government's flat-out refusal to enforce this mandate should it actually become law.

The Commission has ignored pretty much everyone while pushing this massive privacy/security threat past the legislative goal line. But it may not be able to ignore the latest objections to its proposal, given that they're being raised by the EU government's own lawyers.

upstart writes:

China's phone giant Oppo disbands chip design unit as shipment slumps:

Chinese smartphone giant Oppo is disbanding its young chip design unit Zeku as weak global demand forces major handset manufacturers to cut costs and restrategize.

The decision comes as a surprise to those who believe the phone maker is bolstering its in-house chip development as rising geopolitical tensions with the U.S. threatens to cut Chinese firms off key suppliers. In the foreseeable future, Oppo will have to revert back to relying on third-party chip partners.

[...] Oppo explained its decision to cut its once-promising chip team in a statement issued today: "Due to the uncertainties in the global economy and the smartphone industry, we have to make difficult adjustments for long-term development. Therefore, the company has decided to cease the operation of Zeku."

In December 2021, Zeku revealed its first self-developed chipset, MariSilicon X, a neural processing unit designed to boost photo and video performance through machine learning, following Apple's path to bring chip design in-house. Zeku also set up a research base in Palo Alto.

[...] Oppo's retreat from chips signals another struggle from Chinese phone companies to strengthen their control over the semiconductor supply chain. Huawei lost access to advanced chips from the U.S. due to Trump-era sanctions, and its attempt to design its own high-end chips through HiSilicon floundered after the U.S. cut it off major foundries. The company resorted to spinning out its budget handset brand Honor, a move seen as a way to help the subsidiary circumvent the sanctions that have decimated Huawei's consumer business.

Original Submission

looorg writes:

https://www.blog.google/technology/safety-security/updating-our-inactive-account-policies/

Google to start deleting inactive personal email accounts. If your personal email account with Google have been inactive for two years it will, or may, be deleted.

To reduce this risk, we are updating our inactivity policy for Google Accounts to 2 years across our products. Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents ...

Notice that they MAY delete the account and all the content. Weird that they say may instead of will. Will some of them be kept around anyway? Are they saving the content but deleting the account? Is it so the Google AI can have one long good snoop before it goes into dev/null?

I might have missed it but to delete accounts for security reasons, that seems to be the reason given, is by itself sort of a security issue. After all what stops someone from re-registering the names afterwards. Hope that whatever mail they had keeps on sending to the address. Or it can be used to recover account credentials with other services. Deleting in that regard seems bad if they do not also block re-registration of said emails for a very very long time. Most of them will be duds but if you automate the process you'll hit digital credentials gold eventually.

If nothing else for spamming and scamming. After all johnny5753@gmail.com is your personal friend so whatever he mailed you must be real ...

Original Submission

mhajicek writes:

"Powerful magnetic pulses applied to the scalp to stimulate the brain can bring fast relief to many severely depressed patients for whom standard treatments have failed. Yet it's been a mystery exactly how transcranial magnetic stimulation, as the treatment is known, changes the brain to dissipate depression. Now, research led by Stanford Medicine scientists has found that the treatment works by reversing the direction of abnormal brain signals."

"When they analyzed fMRI data across the whole brain, one connection stood out. In the normal brain, the anterior insula, a region that integrates bodily sensations, sends signals to a region that governs emotions, the anterior cingulate cortex.

"You could think of it as the anterior cingulate cortex receiving this information about the body—like heart rate or temperature—and then deciding how to feel on the basis of all these signals," Mitra said.

In three-quarters of the participants with depression, however, the typical flow of activity was reversed: The anterior cingulate cortex sent signals to the anterior insula. The more severe the depression, the higher the proportion of signals that traveled the wrong way."

"When depressed patients were treated with SNT, the flow of neural activity shifted to the normal direction within a week, coinciding with a lifting of their depression."

https://medicalxpress.com/news/2023-05-depression-reversing-brain-wrong.html

Original Submission