Linux news
An anonymous reader shares a report: There's a colossal shift going on in artificial intelligence -- but it's not the one some may think. While advanced language-generating systems and chatbots have dominated news headlines, private AI companies have quietly entrenched their power. Recent developments mean that a handful of individuals and corporations now control much of the resources and knowledge in the sector -- and will ultimately shape its impact on our collective future. The phenomenon, which AI experts refer to as "industrial capture," was quantified in a paper published by researchers from the Massachusetts Institute of Technology in the journal Science earlier this month, calling on policymakers to pay closer attention. Its data is increasingly crucial.
[...] The MIT research found that almost 70 per cent of AI PhDs went to work for companies in 2020, compared to 21 per cent in 2004. Similarly, there was an eightfold increase in faculty being hired into AI companies since 2006, far faster than the overall increase in computer science research faculty. "Many of the researchers we spoke to had abandoned certain research trajectories because they feel they cannot compete with industry -- they simply don't have the compute or the engineering talent," said Nur Ahmed, author of the Science paper. In particular, he said that academics were unable to build large language models like GPT-4, a type of AI software that generates plausible and detailed text by predicting the next word in a sentence with high accuracy. The technique requires enormous amounts of data and computing power that primarily only large technology companies like Google, Microsoft and Amazon have access to. Ahmed found that companies' share of the biggest AI models has gone from 11 per cent in 2010 to 96 per cent in 2021. A lack of access means researchers cannot replicate the models built in corporate labs, and can therefore neither probe nor audit them for potential harms and biases very easily. The paper's data also showed a significant disparity between public and private investment into AI technology.
Read more of this story at Slashdot.
Share price slides below $1 for 30 days straight, but company vows it will comply with NYSE regs again
D-Wave Quantum Inc is being warned by the New York Stock Exchange that it no longer complies with the regulations that govern listed businesses because its share price has been sitting under $1 for 30 trading days.…
JPMorgan Chase is planning to test new technology that would let consumers pay with their palms or faces at certain US merchants. From a report: The bank, home to one of the world's biggest payment-processing businesses, plans to roll out the service to its broader base of US merchant clients if the pilot program goes well, according to a statement Thursday. The pilot may include a Formula 1 race in Miami as well as some brick-and-mortar stores. "The evolution of consumer technology has created new expectations for shoppers," Jean-Marc Thienpont, head of omnichannel solutions for JPMorgan's payments business, said in the statement. "Merchants need to be ready to adapt to these new expectations."
JPMorgan is seizing on the rising popularity of biometrics technology, which uses unique body measurements to authenticate a person's identity. The technology is expected to account for roughly $5.8 trillion in transactions and 3 billion users by 2026, JPMorgan said, citing Goode Intelligence. Here's how it works: Customers enroll their palm or face through an in-store process. Then, at checkout, they scan their biometric to complete the transaction and get a receipt.
Apple plans to spend $1 billion a year to produce movies that will be released in theaters, Bloomberg News reported Thursday, citing people familiar with the company's plans, part of an ambitious effort to raise its profile in Hollywood and lure subscribers to its streaming service. From the report: Apple has approached movie studios about partnering to release a few titles in theaters this year and a slate of more films in the future, said the people, who asked not to be identified because the plans are private. The list of potential releases includes Martin Scorsese's Killers of the Flower Moon, which stars Leonardo DiCaprio; the spy thriller Argylle, from director Matthew Vaughn; and Napoleon, Ridley Scott's drama about the French conqueror. The investment is a significant increase from years past. Most of Apple's previous original movies have either been exclusive to the streaming service or released in a limited number of theaters. The company has pledged to put movies in thousands of theaters for at least a month, said the people, though it hasn't finalized any plans.
A highly opinionated little live USB/DVD/VM image for the paranoid
The latest version of TAILS has improved memory management, which means it should work a little better on memory-constrained computers. It's the go-to option for secure private internet access.…
A cool $1 million to a man who is not afraid to eat his own words, nor roll out his own cable
Professor, engineer and namesake of Metcalfe's law Robert Metcalfe is the latest winner of the Turing Award for an invention he made back in the 1970s: the Ethernet.…
An anonymous reader quotes a report from KrebsOnSecurity: Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones. In November 2022, researchers at Google's Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. Google said it believes the exploit chain for Samsung devices belonged to a "commercial surveillance vendor," without elaborating further. The highly technical writeup also did not name the malicious app in question.
On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company's app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification. "At present, a large number of end users have complained on multiple social platforms," reads a translated version of the DarkNavy blog post. "The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall."
On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo. [Image: A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time.] On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo's app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted. On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo's source code included a "backdoor," a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will. That analysis includes links to archived versions of Pinduoduo's app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code. Pinduoduo boasts approximately 900 million monthly active users in China. In August of last year, the Guardian published an article covering the company's plans to expand to the U.S. and take on Amazon.
Short seller Hindenburg Research, on Block: Block, formerly known as Square, is a $44 billion market cap company that claims to have developed a "frictionless" and "magical" financial technology with a mission to empower the "unbanked" and the "underbanked." Our 2-year investigation has concluded that Block has systematically taken advantage of the demographics it claims to be helping. The "magic" behind Block's business has not been disruptive innovation, but rather the company's willingness to facilitate fraud against consumers and the government, avoid regulation, dress up predatory loans and fees as revolutionary technology, and mislead investors with inflated metrics. Our research involved dozens of interviews with former employees, partners, and industry experts, extensive review of regulatory and litigation records, and FOIA and public records requests.
Most analysts are excited about the post-pandemic surge of Block's Cash App platform, with expectations that its 51 million monthly transacting active users and low customer acquisition costs will drive high margin growth and serve as a future platform to offer new products. Our research indicates, however, that Block has wildly overstated its genuine user counts and has understated its customer acquisition costs. Former employees estimated that 40%-75% of accounts they reviewed were fake, involved in fraud, or were additional accounts tied to a single individual. Core to the issue is that Block has embraced one traditionally very "underbanked" segment of the population: criminals. The company's "Wild West" approach to compliance made it easy for bad actors to mass-create accounts for identity fraud and other scams, then extract stolen funds quickly.
Even when users were caught engaging in fraud or other prohibited activity, Block blacklisted the account without banning the user. A former customer service rep shared screenshots showing how blacklisted accounts were regularly associated with dozens or hundreds of other active accounts suspected of fraud. This phenomenon of allowing blacklisted users was so common that rappers bragged about it in hip hop songs. Block obfuscates how many individuals are on the Cash App platform by reporting misleading "transacting active" metrics filled with fake and duplicate accounts. Block can and should clarify to investors an estimate on how many unique people actually use Cash App.
Just lucky Western Europe was asleep when it happened
Any insomniacs, workaholics or those pulling an all-nighter related to a past deadline project may have noted a four-and-a-half hour failure of Azure Resource Manager in Europe this morning following a recent code change.…
Strange appearance and behavior perplexed astronomers, led some folks to believe it was alien spaceship
The cigar-shaped 'Oumuamua, the first interstellar object in recorded human history to whizz through the Solar System, is a comet after all, a pair of astronomers declared in research published in Nature on Wednesday.…
This is that rare announcement that's far more significant than it sounds
Which of these appeals more: a new, free, Javascript framework for writing network-enabled 3D games, complete with integrated physics modelling and spatial audio… or, a complete, mature, dynamic programming platform that can implement the metaverse?…
The European Commission has adopted a new set of right to repair rules (PDF) that, among other things, will add electronic devices like smartphones and tablets to a list of goods that must be built with repairability in mind. The Register reports: The new rules will need to be negotiated between the European Parliament and member states before they can be turned into law. If they are, a lot more than just repairability requirements will change. One provision will require companies selling consumer goods in the EU to offer repairs (as opposed to just replacing a damaged device) free of charge within a legal guarantee period unless it would be cheaper to replace a damaged item. Beyond that, the directive also adds a set of rights for device repairability outside of legal guarantee periods that the EC said will help make repair a better option than simply tossing a damaged product away.
Under the new post-guarantee period rule, companies that produce goods the EU defines as subject to repairability requirements (eg, appliances, commercial computer hardware, and soon cellphones and tablets) are obliged to repair such items for five to 10 years after purchase if a customer demands so, and the repair is possible. OEMs will also need to inform consumers about which products they are liable to repair, and consumers will be able to request a new Repair Information Form from anyone doing a repair that makes pricing and fees more transparent. The post-guarantee period repair rule also establishes the creation of an online "repair matchmaking platform" for EU consumers, and calls for the creation of a European repair standard that will "help consumers identify repairers who commit to a higher quality."
"Repair is key to ending the model of 'take, make, break, and throw away' that is so harmful to our planet, our health and our economy," said Frans Timmermans, EVP for the European Green Deal, which aims to make the whole of EU carbon neutral by 2050. On that note, the EC proposed a set of anti-greenwashing laws alongside passing its right to repair rule yesterday that would make it illegal to make any green claims about a product without evidence. Citing the fact that 94 percent of Europeans believe protecting the environment is important, the EC said its proposal covers any explicit, voluntarily-made claims "which relate to the environmental impact, aspect, or performance of a product or the trader itself." Any such claims, like a laptop being made from recycled plastic, would need to be independently verified and proven with scientific evidence, the EC said.
Terminal maker General Bytes shutters its cloud business after second breach in seven months
Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.…
All aboard the chatbot hype train! Next stop: Fraud
Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.…
Careful scrutiny of the debris from the impact of NASA's DART mission into Dimorphos has not found any evidence for water-ice on the asteroid, nor the residue of thruster fuel from the spacecraft, new results from the European Southern Observatory (ESO) show. Space.com reports: However, the data from the MUSE (Multi-Unit Spectroscopic Explorer) instrument on ESO's Very Large Telescope in Chile does indicate differences in the size of particles in the debris, and show how the polarization of the light from the asteroid changed. These could both reveal details about the nature of the ejecta excavated by the impact, the recoil from which gave Dimorphos the biggest push. [...] "Before the impact, we were not really sure what to expect," said Cyrielle Opitom of the University of Edinburgh in an interview with Space.com.
Opitom led a team who used MUSE to go in search of any water on Dimorphos. They observed the Didymos-Dimorphos system on 11 occasions, from just before the impact to about a month afterwards. MUSE is able to split the light from the double-asteroid into a spectrum, or rainbow, of colors, to look for emission at specific wavelengths that corresponds to specific molecules. In particular, Opitom's team searched the ejecta for water molecules and for oxygen that could have come from the break-up of water molecules by the impact. However, no evidence of water was detected. Dimorphos, at least, seems to be a dry asteroid.
There was also no evidence in the ejecta of traces of the hydrazine fuel that was on board DART, nor the xenon from its ion engine, although given their small quantities the non-detection is not a surprise. However, MUSE's observations were able to track the evolution of the cloud of ejecta (debris) thrown up by the impact, and in particular they helped determine the size distribution of the dust particles initially in the ejecta cloud and later in the tail streaming away from the asteroid. The research was published in the journal Astronomy & Astrophysics.
Didn't disclose payments as mastermind pumped up value of tokens with fake trades
Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while the chap who paid them has been charged with fraud.…
Now all it has to do is land
The possibility of the world's first successful privately funded and operated Moon landing is looking a little more likely after Japanese aerospace outfit ispace announced its Hakuto-R lander successfully completed a lunar orbit insertion maneuver on Tuesday.…
Builds its own seat at the standards development table
India's government has presented the nation with a challenge: to lead development and deployment of 6G, both within its borders and elsewhere.…
turp182 shares a report from Ars Technica: Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can't be reversed, the kiosk manufacturer has revealed. The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren't entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.
Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable. [...] Once the malicious application executed on a server, the threat actor was able to (1) access the database, (2) read and decrypt encoded API keys needed to access funds in hot wallets and exchanges, (3) transfer funds from hot wallets to a wallet controlled by the threat actor, (4) download user names and password hashes and turn off 2FA, and (5) access terminal event logs and scan for instances where customers scanned private keys at the ATM. The sensitive data in step 5 had been logged by older versions of ATM software.
Going forward, this weekend's post said, General Bytes will no longer manage CASes on behalf of customers. That means terminal holders will have to manage the servers themselves. The company is also in the process of collecting data from customers to validate all losses related to the hack, performing an internal investigation, and cooperating with authorities in an attempt to identify the threat actor. General Bytes said the company has received "multiple security audits since 2021," and that none of them detected the vulnerability exploited. The company is now in the process of seeking further help in securing its BATMs.
British American Tobacco, Samsung, also burgered up their infosec
South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.…