SoylentNews

Freeman writes:

https://arstechnica.com/tech-policy/2024/10/harvard-students-make-auto-doxxing-smart-glasses-to-show-need-for-privacy-regs/

Two Harvard students recently revealed that it's possible to combine Meta smart glasses with face image search technology to "reveal anyone's personal details," including their name, address, and phone number, "just from looking at them."

In a Google document, AnhPhu Nguyen and Caine Ardayfio explained how they linked a pair of Meta Ray Bans 2 to an invasive face search engine called PimEyes to help identify strangers by cross-searching their information on various people-search databases. They then used a large language model (LLM) to rapidly combine all that data, making it possible to dox someone in a glance or surface information to scam someone in seconds—or other nefarious uses, such as "some dude could just find some girl's home address on the train and just follow them home," Nguyen told 404 Media.

This is all possible thanks to recent progress with LLMs, the students said.

[...] To prevent anyone from being doxxed, the co-creators are not releasing the code, Nguyen said on social media site X. They did, however, outline how their disturbing tech works and how shocked random strangers used as test subjects were to discover how easily identifiable they are just from accessing with the smart glasses information posted publicly online.

[...] But while privacy is clearly important to the students and their demo video strove to remove identifying information, at least one test subject was "easily" identified anyway, 404 Media reported. That test subject couldn't be reached for comment, 404 Media reported.

So far, neither Facebook nor Google has chosen to release similar technologies that they developed linking smart glasses to face search engines, The New York Times reported.

[...] In the European Union, where collecting facial recognition data generally requires someone's direct consent under the General Data Protection Regulation, smart glasses like I-XRAY may not be as big of a concern for people who prefer to be anonymous in public spaces. But in the US, I-XRAY could be providing bad actors with their next scam.

"If people do run with this idea, I think that's really bad," Ardayfio told 404 Media. "I would hope that awareness that we've spread on how to protect your data would outweigh any of the negative impacts this could have."

owl writes:

https://blog.cloudflare.com/patent-troll-sable-pays-up/

Back in February, we celebrated our victory at trial in the U.S. District Court for the Western District of Texas against patent trolls Sable IP and Sable Networks. This was the culmination of nearly three years of litigation against Sable, but it wasn't the end of the story.

Today we're pleased to announce that the litigation against Sable has finally concluded on terms that we believe send a strong message to patent trolls everywhere — if you bring meritless patent claims against Cloudflare, we will fight back and we will win.

[...] While Sable's technical expert tried his hardest to convince the jury that various software and hardware components of Cloudflare's servers constitute "line cards," his explanations defied credibility. The simple fact is that Cloudflare's servers do not have line cards.

[...] Ultimately, the jury understood, returning a verdict that Cloudflare does not infringe claim 25 of the '919 patent.

In the end, Sable agreed to pay Cloudflare $225,000, grant Cloudflare a royalty-free license to its entire patent portfolio, and to dedicate its patents to the public, ensuring that Sable can never again assert them against another company.

Let's repeat that first part, just to make sure everyone understands:

Sable, the patent troll that sued Cloudflare back in March 2021 asserting around 100 claims across four patents, in the end wound up paying Cloudflare. While this $225,000 can't fully compensate us for the time, energy and frustration of having to deal with this litigation for nearly three years, it does help to even the score a bit. And we hope that it sends an important message to patent trolls everywhere to beware before taking on Cloudflare.

Original Submission

Freeman writes:

https://arstechnica.com/security/2024/09/meta-slapped-with-101-million-fine-for-storing-passwords-in-plaintext/

Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees.

Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in plaintext and stored them in a database that had been searched by roughly 2,000 company engineers, who collectively queried the stash more than 9 million times.
[...]
When Meta disclosed the lapse in 2019, it was clear the company had failed to adequately protect hundreds of millions of passwords.

"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," Graham Doyle, deputy commissioner at Ireland's Data Protection Commission, said. "It must be borne in mind, that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."
[...]
To date, the EU has fined Meta more than $2.23 billion (2 billion euros) for violations of the General Data Protection Regulation (GDPR), which went into effect in 2018. That amount includes last year's record $1.34 billion (1.2 billion euro) fine, which Meta is appealing.

Original Submission

upstart writes:

A tale involving deepfakes, politics, and a magician:

Louisiana Democratic political consultant Steven Kramer was indicted in May over the robocalls. The 39-second message, which told people to 'save their votes' for the November presidential election, was created using a text-to-speech tool called ElevenLabs. The calls were spoofed so they appeared to originate from the former chairwoman of the New Hampshire Democratic Party, writes The New York Times.

Kramer had worked for Biden's primary rival, Rep. Dean Phillips, who condemned the calls. Kramer claimed that he paid $500 to have the calls sent to voters as a way of raising awareness about the dangers artificial intelligence can pose to election campaigns, which sounds like a questionable justification.

"For me to do that and get $5 million worth of exposure, not for me," Kramer told CBS New York. "I kept myself anonymous so the regulations could just play themselves out or begin to play themselves out. I don't need to be famous. That's not my intention. My intention was to make a difference."

Making a strange story even weirder, Kramer hired an actual New Orleans magician named Paul Carpenter to make the robocalls. Carpenter said creating the recording only took about 20 minutes and cost $1, and that Kramer paid him $150 via Venmo. He believed what he was doing had been authorized by President Biden's campaign. Carpenter's account has since been shut down by ElevenLabs.

The FCC writes that Kramer violated the Truth in Caller ID Act, which makes spoofed calls illegal when made with the intent to defraud, cause harm, or wrongfully obtain anything of value. The FCC this year voted to have the law apply to deepfakes.

Original Submission

Arthur T Knackerbracket has processed the following story:

California governor Gavin Newsom vetoed the state’s controversial AI safety law known as ‘Senate Bill 1047’ yesterday (29 September).

Newsom said he that did not think this legislation would be the best approach to protect the public from threats posed by AI.

“While well-intentioned, SB 1047 does not take into account whether an AI system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data.

“Instead, the bill applies stringent standards to even the most basic functions — so long as a large system deploys it.”

Marred in controversy since its introduction earlier this year, the bill has been opposed by many – including politician Nancy Pelosi who called the bill “well-intentioned but ill-informed” and Silicon Valley heavyweights, including OpenAI which argued for a federal bill rather than a state one, accelerator Y Combinator, which signed a letter along with around 140 start-ups, stating that the bill could “threaten the vibrancy of California’s technology economy,” and AI start-up Anthropic which made suggestions that led to amendments in the bill.

Introduced earlier this year by state senator Scott Wiener, the bill’s aim was to ensure the safe development of AI systems by putting more responsibilities on developers.

[...] Instead of SB 1047, governor Newsom announced that he has enlisted expert assistance, who will “help California develop workable guardrails for deploying GenAI”.

The team of experts include the ‘godmother of AI’ Dr Fei-Fei Li; Tino Cuéllar, a member of the National Academy of Sciences Committee on Social and Ethical Implications of Computing Research; and Jennifer Tour Chayes, dean of the College of Computing, Data Science and Society at UC Berkeley.

Original Submission

Arthur T Knackerbracket has processed the following story:

Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.

That's according to PwC's latest cybersecurity report, released today, which showed that cloud threats are the biggest security concern for most (42 percent) business leaders.

The top five threats, according to PwC's 4,020 respondents, comprise hack and leak operations (38 percent), third-party breaches (35 percent), attacks on connected products (33 percent), and ransomware (27 percent).

If you've just read that and questioned why ransomware is so low on the list, you might be a CISO. The level of concern about ransomware jumped to 42 percent when analyzing responses from CISOs alone.

[...] All the threats that feature in execs' top five deemed "most concerning" are perhaps unsurprisingly also the same as the threats organizations feel least prepared to address, although not quite in the same order.

[...] Of course, it wouldn't be a cybersecurity report in 2024 unless AI got its moment in the spotlight.

Despite generative AI being used for good in many cases, and the majority (78 percent) increasing their investment in the tech in the past year, it's the primary contributor to the widening attack surface faced by organizations.

More than two-thirds of respondents (67 percent) said genAI increased their susceptibility to attacks "slightly" or "significantly" – the most significant factor of any in the past year, although cloud was only narrowly behind at 66 percent.

Freeman writes:

https://arstechnica.com/ai/2024/09/ai-defeats-traffic-image-captcha-in-another-triumph-of-machine-over-man/

Anyone who has been surfing the web for a while is probably used to clicking through a CAPTCHA grid of street images, identifying everyday objects to prove that they're a human and not an automated bot.
[...]
ETH Zurich PhD student Andreas Plesner and his colleagues' new research, available as a pre-print paper, focuses on Google's ReCAPTCHA v2, which challenges users to identify which street images in a grid contain items like bicycles, crosswalks, mountains, stairs, or traffic lights. Google began phasing that system out years ago in favor of an "invisible" reCAPTCHA v3 that analyzes user interactions rather than offering an explicit challenge.
[...]
To craft a bot that could beat reCAPTCHA v2, the researchers used a fine-tuned version of the open source YOLO ("You Only Look Once") object-recognition model, which long-time readers may remember has also been used in video game cheat bots.

Original Submission

Arthur T Knackerbracket has processed the following story:

The UK's last coal plant will sigh out its final pollutants Monday before shutting down for good and officially ending the country's century and a half of coal production. Nottinghamshire's Ratcliffe-on-Soar plant was the last of its kind following Britain's 2015 commitment to close all coal power plants by 2025. Ratcliffe was originally scheduled to shut down in 2022 but stayed open after Russia invaded Ukraine and Europe entered a gas crisis.

The Ratcliffe plant once had 3,000 engineers but only employs 170 staff now. That group will gather to watch a livestream of the plant being turned off, and over 100 of them are set to work on decommissioning the plant over the next two years. Many of the other employees will enter new jobs at different power plants owned by Uniper, Raticliffe's German owner, while others will enter training programs to work on other aspects of the industry.

Britain opened the world's first coal power plant in 1882, London's Holborn Viaduct, with the help of Thomas Edison's Edison Electric Light Company. Coal has played a major part in the UK until very recently. According to a report from energy think tank Ember, coal was responsible for 39 percent of the UK's energy supply in 2012 but shrunk to just two percent in 2019. The decrease in coal production was reportedly equal to double the amount of all greenhouse gases used in the UK in 2023. Between 2012 and 2023, wind and solar generation also increased from six percent to a 34 percent share of the UK's energy. Britain still has a long way to go, but this step has made it the first G7 country to remove all coal power production.

Original Submission

Arthur T Knackerbracket has processed the following story:

The latest release of the de facto default desktop of most Linux distros brings some new features – but the GNOME 4x transition isn't done yet.

GNOME 47 was released last week, codenamed "Denver" after the venue for this year's GUADEC event. This release returns some touches of customization that had gone away, brings some long-wanted functional improvements, and a few new components.

Both Ubuntu 24.10 and Fedora 41 are in beta testing, and both should arrive in the middle of October with GNOME 47 as their default desktop environments. You can't fully judge GNOME 47 from Ubuntu "Oracular Oriole," though. Canonical tweaks the GNOME desktop environment a little with some pre-installed extensions to make it a little more familiar to long-term Ubuntu users. For instance, Ubuntu's default GNOME desktop has desktop icons, notification icons in the top panel, a permanent dock along the left screen edge, and a tool to assist with tiling windows. Fedora eschews these changes and ships a largely unmodified version, so it's much closer to the stock appearance.

GNOME 47 lets you set your own highlight color, so you're free to pick clashing combinations if you like – click to enlarge

The new feature that receives top billing in the version 47 release notes may thus seem a little puzzling to Ubuntu users: customizable accent colors. This is the color tint that's used to call out or highlight parts of the desktop, such as the current tab or the default button. Ubuntu users already had this, and if you're using GNOME 43 to 46 on a different distro, you can get this via an extension. Now everyone gets this option.

This is noteworthy because since GNOME 40, the environment doesn't permit users to customize their themes. As we described when we looked at GNOME 42, there is one official theme, "Adwaita," and both developers and users are meant to leave it alone, which has proved to be controversial. The Reg FOSS desk tends to leave theming to the professionals, and GNOME has some of the best in the business. GNOME designer Jakub Steiner's level of attention to detail can be discerned from his blog post about the wallpapers in GNOME 47.

[...] The new Text Editor app, which replaces the venerable Gedit, gets better printing and spellcheck. The new GNOME Console terminal emulator has more settings, such as scrollback size. GNOME Maps now has route planning, thanks to the external Transitous service. GNOME Calendar now has drag-and-drop import of ICS files for events, and better network calendar support. GNOME is still one of the best-of-breed FOSS environments for supporting network interoperability with cloud services, and this version gets better support for IMAP config, WebDAV, Microsoft 365, and more efficient Kerberos authentication. The Remote Desktop Connection app can now handle persistent sessions, meaning that it can resume a disconnected login session.

Freeman writes:

https://arstechnica.com/gadgets/2024/09/microsoft-details-security-privacy-overhaul-for-windows-recall-ahead-of-relaunch/

Microsoft is having another whack at its controversial Recall feature for Copilot+ Windows PCs, after the original version crashed and burned amid scrutiny from security researchers and testers over the summer. The former version of Recall recorded screenshots and OCR text of all user activity, and stored it unencrypted on disk where it could easily be accessed by another user on the PC or an attacker with remote access.

The feature was announced in late May, without having gone through any of the public Windows Insider testing that most new Windows features get, and was scheduled to ship on new PCs by June 18; by June 13, the company had delayed it indefinitely to rearchitect it and said that it would be tested through the normal channels before it was rolled out to the public.

Today, Microsoft shared more extensive details on exactly how the security of Recall has been re-architected in a post by Microsoft VP of Enterprise and OS Security David Weston.

Previously on SoylentNews:
Microsoft Will Try the Data-Scraping Windows Recall Feature Again in October - 20240822
"Recall" Will Now Be Opt-In: Microsoft Changes New Windows AI Feature After Backlash - 20240610
Total Recall: Microsoft Dealing With Trust Issues - 20240609
Windows Co-Pilot "Recall" Feature Privacy Nightmare - 20240524

Original Submission

canopic jug writes:

The Register is reporting that the US Army has ordered a new round of wheeled, equipment hauling robots.

The Small Multipurpose Equipment Transport Increment II (S-MET II) is set to be built by American Rheinmetall Vehicles and HDT Expeditionary Systems, the Army said. The pair were awarded a combined total of $22 million for eight prototype vehicles to be delivered at an unspecified future date.

There is also an official press release:

The second increment seeks to double that payload capacity while adding several improvements identified by Solders during evaluation and operation. Those improvements include: [...]

Previously:
(2017) US Army Brings Robotic Vehicles and UAVs Together in Combat Demonstration

Original Submission

Arthur T Knackerbracket has processed the following story:

As AMD flexes its muscles in the AI game, it is not only introducing new hardware but is betting on software too, trying to hit new market segments not already dominated by Nvidia. 

Thus, AMD has unveiled its first small language model, AMD-135M, which belongs to the Llama family and is aimed at private business deployments. It is unclear whether the new model has to do anything with the company's recent acquisition of Silo AI (as the deal has to be finalized and cleared by various authorities, so probably not), but this is a clear step in the direction of addressing the needs of specific customers with a pre-trained model done by AMD - using AMD hardware for inference.  

The main reason why AMD's models are fast is because they use so-called speculative decoding. Speculative decoding introduces a smaller 'draft model' that generates multiple candidate tokens in a single forward pass. Tokens are then passed to a larger, more accurate 'target model' that verifies or corrects them. On the one hand, this approach allows for multiple tokens to be generated simultaneously, yet on the other hand this comes at the cost of power due to increased data transactions.  

[...] AMD believes that further optimizations can lead to even better performance. Yet, as the company shares benchmark numbers of its previous-generation GPUs, we can only imagine what its current-generation (MI300X) and next-generation (MI325X) could do. 

Original Submission

Arthur T Knackerbracket has processed the following story:

Oracle could choose to take control of Ampere Computing, the Arm processor designer it has backed and uses in its cloud.

A proxy statement [PDF] filed on Wednesday reveals that Oracle held 29 percent stake in Ampere as of May 31, 2024, and has the option to gain majority control over the chip house in 2027.

"The total carrying value of our investments in Ampere, after accounting for losses under the equity method of accounting, was $1.5 billion as of May 31, 2024," the filing reads.

Oracle also revealed it extended $600 million in loans in the form of convertible debt to Ampere during its 2024 fiscal year, on top of $400 million in debt given during the prior fiscal year.

Ampere's debts are set to mature beginning June 2026, when Oracle will have the option of converting those investments into additional equity in the chip startup. "If either of such options is exercised by us or our co-investors, we would obtain control of Ampere and consolidate its results with our results of operations," the filing explains.

According to the document, Oracle spent roughly $48 million on Ampere processors during its 2023 fiscal year – some of it direct with Ampere and some through a third party. By comparison, Big Red spent just $3 million on Ampere's chips and had $101.1 million worth of products available under a pre-payment order by the end of fiscal year 2024.

This is despite the fact that Oracle is aggressively expanding its datacenter footprint to address growing demand for AI infrastructure. These efforts have included the deployment of massive clusters of GPUs from Nvidia and AMD with the largest campus developments nearing a gigawatt in scale.

[...] Despite being one of the first to successfully commercialize an Arm-compatible datacenter-grade microprocessor – and winning customers including Microsoft and Google – Ampere faces growing competition not only from the likes of Intel and AMD, but its own customers.

To compete with Ampere's 192-core chips, Intel and AMD have competing products with 128 to 288 cores. Meanwhile, Microsoft and Google have announced custom Arm silicon of their own with their Cobalt and Axion chips respectively. Meanwhile, Arm itself has been pushing its Compute Subsystems (CSS) offering for customers that want a customized chip but can't be bothered to design one from the core up.

Original Submission

Arthur T Knackerbracket has processed the following story:

SpaceX celebrated the first human spaceflight from its Cape Canaveral launch site on Saturday, and while the two humans aboard the Crew Dragon Freedom are safely on their way to the International Space Station, a problem arose with the rocket's second stage that prompted the company to shut down future launches for now.

"After today's successful launch of Crew-9, Falcon 9's second stage was disposed in the ocean as planned, but experienced an off-nominal deorbit burn," SpaceX posted on X. "As a result, the second stage safely landed in the ocean, but outside of the targeted area. We will resume launching after we better understand [the] root cause."

The first victim of the shutdown was a planned launch Sunday from California of a Falcon 9 with a plan to send up the OneWeb Launch 20 mission for EutelsatGroup.

The Federal Aviation Administration still has that launch on its operations plan advisory for as early as Oct. 1, but the last two times SpaceX had an "off-nominal" issue with a Falcon 9 launch, the FAA had grounded the rocket.

The most recent was a fiery landing of a Falcon 9's first-stage booster last month during a Starlink mission.

"The FAA investigates commercial space incidents to determine the root cause and identify corrective actions so they won't happen again," the FAA said in a statement after that incident.

[...] Any significant delay in launches could affect the upcoming Falcon Heavy launch of NASA's Europa Clipper mission to send a massive satellite to Jupiter's icy moon Europa.

That flight is slated to fly as early as Oct. 10 from Kennedy Space Center's Launch Complex 39-A.

Original Submission

Arthur T Knackerbracket has processed the following story:

The M87 galaxy is monstrous.

It contains several trillions of stars, compared to our Milky Way's hundreds of billions. And the supermassive black hole at its center is shooting an outstretched beam of energy into space. The Hubble Space Telescope, operated by NASA and the European Space Agency, has captured a new image of this energetic cosmic event, which produces a beam of superheated gas 3,000 light-years long (a single light-year is nearly 6 trillion miles).

NASA calls this jet "blowtorch-like," and it seems to be triggering many stars near its trajectory to erupt.

"We don't know what's going on, but it's just a very exciting finding," Alec Lessing of Stanford University, who led the research into the finding, said in an agency statement. "This means there's something missing from our understanding of how black hole jets interact with their surroundings."

In the Hubble telescope image below, the colossal elliptical galaxy M87, which is shaped like a giant egg, looks like "a translucent, fuzzy white cotton ball," ESA explained. The jet, as you can see, is the wavy blue beam blasting out from the galactic core, home to the supermassive black hole (it has the mass of 5.4 billion suns).

As the jet shoots through the galaxy, astronomers suspect it's triggering a type of stellar explosion called a "nova." These eruptions happen in double-star systems with an aging star — which is bloated and shedding its layers — and a white dwarf star, which is the hot core of a sun-like star that has shed its mass. The swollen star dumps material (hydrogen) on the white dwarf. "When the dwarf has tanked up a mile-deep surface layer of hydrogen that layer explodes like a giant nuclear bomb," the agency explained. And then the gradual process renews.

Original Submission